Re: [bug] Segmentation fault in the "fc" builtin

From Chet Ramey <chet.ramey@case.edu>
Newsgroups gnu.bash.bug
Subject Re: [bug] Segmentation fault in the "fc" builtin
Date 2020-05-05 11:41 -0400
Organization ITS, Case Western Reserve University
Message-ID <mailman.2142.1588693287.3066.bug-bash@gnu.org> (permalink)
References <06953bf8-5526-bb86-b878-2dcf9864acec@quoininc.com> <6ec4bd02-4aa3-3e03-980d-9744669c7270@case.edu>


On 5/5/20 9:21 AM, Franklin, Jason wrote:
> Greetings:
> 
> Yesterday, I encountered a segmentation fault when using the "fc"
> builtin command.  I cloned the Bash source code from GNU Savannah, and I
> verified that the bug is still present in the latest commits to the
> master and devel branches (the work below applies to "devel").
> 
> To reproduce...
> 
>   $ bash --norc
>   $ fc -0
>   Segmentation fault (core dumped)
> 
> I worked with a colleague during our lunch break to track down the issue
> with GDB.  We created a minimal patch (attached) that fixes the problem.

Thanks for the report and your careful analysis.

> 
> Allow me to explain the reasoning behind the patch...
> 
> From the CHANGES file, we see this note concerning the "fc" builtin:
> 
>   b.  The fc builtin now interprets -0 as the current command line.

Yes, this is from one of the bash-4.3 testing releases. It's in response
to this message:

https://lists.gnu.org/archive/html/bug-bash/2013-08/msg00037.html

and deliberately works only for -l.

The question is what to do about the cases where -l isn't supplied, as
you observed. Dumping core is definitely the worst of the options.

> Our solution does not remove the last history item when the user passes
> "-0" to tell "fc" to include it in the history and the list to edit.

The issue I have with this solution is that it leads to an infinite loop
if the user doesn't change the command in the editor. If you use `fc -s -0'
the shell runs fc recursively until it runs out of stack space and then
dumps core.

You could easily say that this falls into the category of user error, and
I wouldn't argue, but as you also observe, there's nothing in the man page
prohibiting or even warning against it.

I'm leaning towards making 0 and -0 out-of-range errors for the non-listing
case. This is what other shells do (the netbsd and freebsd shells being
notable exceptions).

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/
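
A toy C model of the two non-listing behaviours discussed in the message above, added here as an illustration: keeping the fc entry so that -0 selects fc itself, versus treating 0 and -0 as out of range. It is not bash's code or the submitted patch; `struct hist`, `fc_resolve`, `fc_reexec`, `sample` and `MAX_DEPTH` are hypothetical names, and the depth guard stands in for stack exhaustion.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumption: stand-in for running out of stack */

/* The two non-listing behaviours discussed in the message. */
enum policy { KEEP_FC_ENTRY, REJECT_ZERO };

/* Toy history; the last entry is the fc command currently executing. */
struct hist { const char *cmd[4]; int len; };

/* Constructed sample history. */
static const struct hist sample = { { "ls", "echo hi", "fc -s -0" }, 3 };

/* Map an offset relative to the current command to an index, or -1 when
   it is out of range. As an int, "-0" and "0" are the same value. */
static int fc_resolve(const struct hist *h, int offset, enum policy p)
{
    int idx = h->len - 1 + offset;
    if (offset == 0 && p == REJECT_ZERO)
        return -1;
    return (idx >= 0 && idx < h->len) ? idx : -1;
}

/* Model of re-executing the selected entry. Returns the nesting depth at
   which a non-fc command ran, MAX_DEPTH if the guard tripped, -1 on error. */
static int fc_reexec(const struct hist *h, int offset, enum policy p, int depth)
{
    int idx;
    if (depth >= MAX_DEPTH)
        return MAX_DEPTH;
    idx = fc_resolve(h, offset, p);
    if (idx < 0)
        return -1;
    if (strncmp(h->cmd[idx], "fc -s", 5) == 0)  /* fc selected itself */
        return fc_reexec(h, offset, p, depth + 1);
    return depth;
}

int main(void)
{
    printf("keep entry, -0:  %d\n", fc_reexec(&sample, 0, KEEP_FC_ENTRY, 0));
    printf("reject zero, -0: %d\n", fc_reexec(&sample, 0, REJECT_ZERO, 0));
    printf("reject zero, -1: %d\n", fc_reexec(&sample, -1, REJECT_ZERO, 0));
    return 0;
}
```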
