Path: csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail From: "Franklin, Jason" Newsgroups: gnu.bash.bug Subject: [bug] Segmentation fault in the "fc" builtin (additional change) Date: Tue, 5 May 2020 09:56:15 -0400 Organization: Quoin, Inc. Lines: 86 Approved: bug-bash@gnu.org Message-ID: References: <99e4723e-c675-aa45-3d50-4a2313a5d36d@quoininc.com> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------9D852541BC40BC776424CAC6" X-Trace: usenet.stanford.edu 1588686988 20322 209.51.188.17 (5 May 2020 13:56:28 GMT) X-Complaints-To: action@cs.stanford.edu Cc: brandon.pfeifer@quoininc.com To: bug-bash@gnu.org Envelope-to: bug-bash@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quoininc.com; s=google; h=to:cc:from:subject:autocrypt:organization:message-id:date :user-agent:mime-version:content-language; bh=mG4kkHsqQwWQZhuAiMsd0NXQJJ0KAdwbgrwI/ocvWwg=; b=DqtOyAMGQM1MXmk0oFzvXor4S+/ArvLlIKqRGCLmvReCnqk+PvK3+6SzpwkG/dpJ83 14pNNf46fln/4BAPBpZ60nwlTIPfrsPPhyPfZRFtlm5rosJkGPusecvIeShY0CnwMXV2 p7UP8/Tb/kFFetvF/Dre3A+tY4rYt7ZU67z2A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:cc:from:subject:autocrypt:organization :message-id:date:user-agent:mime-version:content-language; bh=mG4kkHsqQwWQZhuAiMsd0NXQJJ0KAdwbgrwI/ocvWwg=; b=RfeAePKKgQwylRtasqQyLlYjRj63nCxmhknZfcxtnFWmA+y5pFGgnn4PjmFh3vjNju A8F0++BmcpYt80nqpyPgEOLxObw9xbphFtx/NGkjQi4Vscqw/0iJm7k3Z2Lb6RFaldRH DCDBAOn+/dAvBSVGjxXNmuDr1dtWScNIdjrYC4jRwELyQ2mX60RpmzF/sveaicFSsAL8 5n0uneZGBmapKVkL6eeZ2bRs/EVSzKGQFyLLmbAjN8KaUBr0sJFSNZT9MacInMyenl+D /tm00/dxujWuHXixbFL9eJJj/UGg4/OLWEyifaNe/2KlsA1EqHlM8Tl+rWdBdg2KPbFw zwGA== X-Gm-Message-State: AGi0PuYFqlgjCOh/yg+uZ+R0RjkWF4K19QAdq4zuCNaBNgotHy06QiWQ +OtyQ+1sDe931hs8rOoIuMuFrA== X-Google-Smtp-Source: APiQypJBJ7gC4hYT9Mh/JIRJH148tggLZh0kxuLerLZRad5Esz8nFFOp9oVMa5l3CaTQMnQuFvRfJQ== X-Received: by 2002:a0c:90e7:: with SMTP id p94mr2896213qvp.219.1588686977496; Tue, 05 May 2020 06:56:17 -0700 (PDT) Autocrypt: addr=jason.franklin@quoininc.com; keydata= mQGNBF0+/NIBDADgQkZ3EB0NAIDGfkAFDaep9VtVjYV6bfnkUtm4g2VAxMeplvjxAA69cV8h 2n7+HxUB3RnxxkTeKBZY/k/jt0HYAkuCpaYm3fpk8aNCmW8q6qZearU5CwyRgJQMwh2uzA98 otxtt5I2DGLs1vlYulSFgIEaSfv9zEnR8Ss4dNhre4nhiETbG4kA7mZAa7Ot7cc+1wMJDvTe 4ifQ8auIiebGkHUqDiIHZLMgSt0lDoBT653Ohg7+iCqzA/e5/Vzj5zzsCnlfM+bSIpLU5gSR Ea1v1WV9RoNC+DzJJ1kihb/90gtcsYLv6LVw8Orh3G8WNTfLb30Cd68kAPu7At14taw7QFHr 5FsY9jEF41yCl0bvNsGCypiH3qfgepGiP1sGy88jGQCERK5dkfnx6ai3F71fO71UfcGxL2QD fZHu/SeNkE8AaiDOcwIMh+ADXUTUhdMi2/vRblVJHi2vCjo7AsAzVIQOOfwk6QuH8rUSYNwM QK0rcu1yOGids2l8l3ILnrsAEQEAAYkBzgQfAQoAOBYhBLk34UUCiN2a1spDz4f0yAMbCQqR BQJdPwBdFwyAAdOB+DWiI6YMHCQGOWTbFOmj4rTMAgcAAAoJEIf0yAMbCQqRzmwMAIKEa4/a K6O0mcDCdBi/IhyfVdUrupzMDbDLzhHEWjLoXxPpnUlIDyUoktUyPmeODnqJXQ42w5KJCct4 y0R1ezw2EhxATqTVmBHZdkTMJ8pL607/LZz8jqqCoqoJe/BN6U7dxuiMXn5GGc30zDwAWcRI M5VZJPognOWqD1o9bG2rnDoacNtmvbsAd2ZhWOpXKIs+KDRqrx6z2oZtqAoiRXSHJ51VVCKR JwdREOzEF+W+DKueCxCXwrC+Lj40mO2H570MA7ByN/hc0Crcrvbn9mgJOIajG8rraaDv6agG hypugxGcssWe1Ea0l8/NNmKPjnKckCLL3EohYO0i3EijF3u0QE8BZJOS2zaf0XXoj8sbjaba X1KPT3Sw+E10TZtrEc5FKCNSUVuJko9pK80XhdRxGCFkT0+/x3MQwRo5rLvmEwFUsk239Faw N1dhgCuripC5a6aqDZCqX52Zb6K9iRQpukc9zUd50JZkHrRezCnph2iLxMNANgTtHKyQvaR3 K7kBjQRdPv5SAQwA7afFZpuE1kPNtZNI/UqvEHaDY4yTyPUHPzO33QeugNU7etgnI7ghXTg8 dePK/0NltFbmF4E64VgRwBvN3u1h2U5DaH4SPcWAzR84MP5lwmaqfKBkuMq7NBngjl2O9RBb H4r7ewTKYZ2tmAkfYY+tUmn1TcpiLiL95YmibbJuiZSHZOAt7J8yZHNXrqXGmzeD2N7UzaVD 6eB8IePphHLgEjCXUREi6j3p53VWEoNXC+q0Lk5m5BJl7G0+JO5PzjtW4ve1/X4bYIEvWF0q 0Asuuk+DIdI+tmHmdGXALdAMXprC2DPObiXIneBgxkhRdNDM5CpJ14AtYbg9ol+8K6d5T3pw tSYoN9Yx4Wlsq+Y+go5D5zf27ZZg8Gm7OXBXtxI3OjcT+J4ITemaj7ZsgQ6vN14K6F3KXzAp Q4xjZcuHsiOdZIPiFW0jZDW/LdjFXZQLO7GAz1a88KmyFYvaK9ayBsn9eZ72at09625rkC7P 9eS3eUGvIyGwLclEMwD8WXxLABEBAAGJA3IEGAEKACYWIQS5N+FFAojdmtbKQ8+H9MgDGwkK kQUCXT7+UgIbAgUJA8JnAAHACRCH9MgDGwkKkcD0IAQZAQoAHRYhBMI/x2WtxyycbFiDM+Vf dRMWo0OwBQJdPv5SAAoJEOVfdRMWo0OwFMIMANSsD05P8GmbJnv8ZzYoGCAQ8zP2TGPB5R3s W4Ra1eJO1Ao1AHMLmUTWlyehv+1Mq+tgnYE05J4W/Da48RLmt8aOotlR4sh6YFynOWksbrCD 7lSz81/GtO8Bw1ToYkO+fFHRjHcDdoiu1mYv8iFPfaZKoCFIettu6ZZFA9xt90xsKnMw9qoZ 55KKGHhyiebuTDcAIBW8bLI/S/nBmN7x+xO0DAMKz8qwIe9lLW+A8Y4mUcSCUxLFKKmic1nj pi/4uE2EsN10n8euReIh09pMIuGVNjJewBvALN+Z3mNDSdrttjE0/31m+h0Oxh3WYNd9cbGG FjIf2GCqkxxRX4PYxiW/90B3Wtv+vco3yhbForWggXxZ4m0QwsG1F/8DiydWVgmH1G+W3xgv Kj1LUSSPzGjmanVdHI2Hpn1HZZ6MAYTZvnv05bqZ1c4nlL0DbqW4F8mKAgp40hfcXUuMuaEt km/iZfn2IvwqeL54cOyX5FmzoffAphoSwrE3eB0vtk9XMrZvDACYucq8yNMSUw8XvExdYpTI IgDxNbNo4e4XrwzAkgFNhTplUKN4Ul1XctE9GkppplqVehzh7PvoBOYPGn/eHncid2mcXjgh yBw5cNvZKbt11ahBpjpKNN3LLPZVTQ10u8NPQQBSPX8kPQE/909Qe17yeMsX9HZgQ5x+Eumi XymeJGkCtlWvWj93COVxrO0+LmZRj1LHxWiyTsBx0iR8fwN6igvEvKZXbZikXCfBtJa6sXTp kcF2KjicPB83Xmmf0HLJhDNirfql2D/CpnfeJrzb+Pc8EEtahK/ylCmXmqhIlo12NHScIvzR M/+O15fNKHtn51FVGLpoQwC94/j60/Bjkg72pReQRg4498QMuwh2L0de45qr30KnepTUAQD/ 19wPkBaIX7Q7Ar0Qitta/s3kZtF/yzewstEDc752RLhzBKplnbVqspioP5AT6YvNJW+0pylm RZ375vh+YeS/U3LFg1Ldi21oXkDSyc5tMCS03o2lvTf1cRFLkP+VlfYz1yi5AY0EXT7+ggEM AM0WCBqJF5UMLMJzHBbvDj3P3/TILSJ2FdBv5XB5uociwrYJfKi3iRNf5KehVl964RvhH+qO 7lruTcDiI5WJqxvFcJVNuJ//JJ6e4JUfi3yMy9LrF7W6C8w0I32pStvPPkBQt0GXUNrehlkW KBJTxN/IS33SDFYeRl+Izbhg9muQUg2VweKo13ChYVuLsJhyz4a4zWwrZWrPY6WSDh+q8edT txDl+MIh0hO1Xgp6IxdjRuIrZH8CHfq0bX5hErZz1aJg6eGo4TvE4l2mSJhMgoM0NAYJc0W2 uE++362eADCa+NpkQwwYOd90fbDDkyDgnIQRHCGO0oWacyJhKpmdp/8oa7u1IZQbLIhaY7PP //284cg+Au/5IjgQXNJIXpXtmRrmNTOyvYx8vw7qr/0JMwjj/xW10vbfuhT8QPQKSOiW55Hw Sp2VJLXj6N1K2LvX3AQ1+eJEbrKNLOiN+2GKf56mocAcHvhk5gapa90WnXuihPR/ePZC5d0q 70r69QuoIwARAQABiQG8BBgBCgAmFiEEuTfhRQKI3ZrWykPPh/TIAxsJCpEFAl0+/oICGwwF CQPCZwAACgkQh/TIAxsJCpGNxQv+IrK6w/exEwK1xD33w+X10J9S1BFvTulYKPIkAGhYgG9v varxirevTx2Tq5KdV4cGW28u69gJtQBSXSK0gzdti/JSkVNXQWNAibI72UVP8QPF8FXe5V8M caaz1h9ZjUTOvJpabYqXd7jb6Je/q0f3HrDJdXKEBPVnGWv4IbLI0wZJXU1NlSODLqwiGA33 s9BN22phU1tBRUsJhXnhmVYWvHhRaNq/hsbj8GQbQym25LONHlcChe45ptWkrtnaR0New3L6 4CRwZHCs/3EkTA9qbeeXxM3f6zCtSN7Gk2VJyGaRiOOlaRNPcjrQa9YQAIiJ/mPxLTZ7nUiD NDIlzys55GT7NcKP98uTmB4YOqmnpDGuPJVy1+yglj6Li3TfQ4lw8xtcHsyKh32hCqaTB/NZ 5b/7GrmWSzVDdU+VS2dqHbgbMUp4zLTxmMrXJX1qzqW/6OeblfosRZLt2uWV7X+mDidg7ucd AdlsPF403hhWS8JgqXXkPCftW5sFQ72DY2Re User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 Content-Language: en-US Received-SPF: permerror client-ip=2607:f8b0:4864:20::f31; envelope-from=jason.franklin@quoininc.com; helo=mail-qv1-xf31.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <99e4723e-c675-aa45-3d50-4a2313a5d36d@quoininc.com> Xref: csiph.com gnu.bash.bug:16282 This is a multi-part message in MIME format. --------------9D852541BC40BC776424CAC6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Greetings: After sending the original email concerning this issue, I delved into the code again for one last review. I discovered that, even after the original fix a segmentation fault is still possible, because histbeg could be higher than histend! The idea from "fc" would be to print the list in reverse. However, histbeg and histend are swapped after histend is checked in the original patch. So, I have attached an updated patch that avoids the following additional segfault: $ bash --norc $ fc -0 100 Segmentation fault (core dumped) This patch works by moving the reversal of histbeg and histend to before when histend is checked. This handles the other case when a segfault could occur (where histbeg is real_last). Thanks again for reviewing! -- Jason Franklin --------------9D852541BC40BC776424CAC6 Content-Type: text/x-patch; charset=UTF-8; name="fc_fix_updated.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="fc_fix_updated.patch" diff --git a/builtins/fc.def b/builtins/fc.def index 6951a687..04361b92 100644 --- a/builtins/fc.def +++ b/builtins/fc.def @@ -353,9 +353,20 @@ fc_builtin (list) histbeg =3D histend =3D last_hist; } =20 + if (histend < histbeg) + { + i =3D histend; + histend =3D histbeg; + histbeg =3D i; + + reverse =3D 1; + } + /* "When not listing, the fc command that caused the editing shall not= be - entered into the history list." */ - if (listing =3D=3D 0 && hist_last_line_added) + entered into the history list." However, if the user passed "-0", = then + histend will have been set to real_last above. This means the user= wants + to include the current command, so we do not remove it here. */ + if (listing =3D=3D 0 && hist_last_line_added && histend < real_last) { bash_delete_last_history (); /* If we're editing a single command -- the last command in the @@ -382,15 +393,6 @@ fc_builtin (list) return (EXECUTION_FAILURE); } =20 - if (histend < histbeg) - { - i =3D histend; - histend =3D histbeg; - histbeg =3D i; - - reverse =3D 1; - } - if (listing) stream =3D stdout; else --------------9D852541BC40BC776424CAC6--