Re: [bug] Segmentation fault in the "fc" builtin

Path	csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail
From	Chet Ramey <chet.ramey@case.edu>
Newsgroups	gnu.bash.bug
Subject	Re: [bug] Segmentation fault in the "fc" builtin
Date	Tue, 5 May 2020 11:41:17 -0400
Organization	ITS, Case Western Reserve University
Lines	57
Approved	bug-bash@gnu.org
Message-ID	<mailman.2142.1588693287.3066.bug-bash@gnu.org> (permalink)
References	<06953bf8-5526-bb86-b878-2dcf9864acec@quoininc.com> <6ec4bd02-4aa3-3e03-980d-9744669c7270@case.edu>
Reply-To	chet.ramey@case.edu
NNTP-Posting-Host	lists.gnu.org
Mime-Version	1.0
Content-Type	text/plain; charset=utf-8
Content-Transfer-Encoding	7bit
X-Trace	usenet.stanford.edu 1588693287 24761 209.51.188.17 (5 May 2020 15:41:27 GMT)
X-Complaints-To	action@cs.stanford.edu
Cc	chet.ramey@case.edu, brandon.pfeifer@quoininc.com
To	"Franklin, Jason" <jason.franklin@quoininc.com>, bug-bash@gnu.org
Envelope-to	bug-bash@gnu.org
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1588693283; bh=5ZCnur2VSSj6j8+t94Qnv9yaaAhrQmiT3HHbwfOVz3A=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=70Mrp+nBIIzkMdZTuh2VHa5jrn32UpufkcqOxLuaEKC7wdLZpGhlupBKLNL6xgm3pK FDGtVmy+AT0JTOr1HsqnSBYiLJKuXnqBOqsKzA3nW+e1MhHntzukpCGs8JKDjvGf8Ee eFH97w4st/pTZxqNKGTDkTcWy58XrG8mAw7xgoVYQq99AYbe36vjhH9bC24IMpUwPvh LAExxv/ZjP8z5dGXrWfS6Nw7pfw2gRH8s7FMrXLe3oK5pPanyNgkJ7YJyejTXOaCmeo F9rSDq+JeTVOgsFmvsY0CyEvjUv8vjUeNviAOHvJdM2YxRFyRFSpnUECJyUlaitzwzC l2tWfY9g==
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1588693280; bh=RaH46B4lN+lmZjgYzHr604ZxRyroh2IZT9LJ7/ARJs8=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=3u/3D/s8PunoIgF1SqE3QjeSEnUjchf8/Sw5eqp/CgV7ptm5wmO7TtTtnOHhuY7iY4 428WZy/QDwUa4ibOmRX3qmQflcVZAYH4gTs1J2HwN9d7CFcnr+buIdMUPzKQ4HIfPKB 6oMejSg8Iy/FBLFumE7riGc4KNh0RqJGM2bGU1sIHynAbJtqo2aJTSGZbde0yfOwtWw ETf8CEwbWPKYlPHknBmLJlAk3a88DHYhBD4x9sby7nL5Toi+8jYou05nlKWiHTmNGHb 0rO+rB5oTtvrpasSCLvQmmBeHGIoYjTfCQhl5xr5cfscetXXOX1tbdCok6r2Qaax3Iu AUwOkbkg==
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=g-case; h=reply-to:cc:subject:to:references:from:autocrypt:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=RaH46B4lN+lmZjgYzHr604ZxRyroh2IZT9LJ7/ARJs8=; b=GY76cu4Jyhf47hRUi9xRWXj2owBWPFbmTrxFxJIk3v83FqbiW4PkhKN5QuazyifXRJ J4aZs7oEmDGZHURRoJeAf0c+qpg2bNAbaU0ts9IDxLHSN9BEPJJFwkr2CPdfyF/yoEOT /93vbqSj2MUZcF+9TLZ2uCE0dDY+9sriCzeL/+rCX4KX2tcTl39l8AYZArJz/y38KlyL BfqmTbnAfZMSETW3HLprmsNM5MS7I/m8VvzRy1CfNrOevATiJtpgWFslgnb6yuwimsxc Y8wcRkNLZZwWLAbrcLpwqSp+r4IEw7FGKoDyuMry4y49cGFmQrpayM8PgwR37Gj75/ha Ly/w==
X-Google-DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:cc:subject:to:references:from:autocrypt :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=RaH46B4lN+lmZjgYzHr604ZxRyroh2IZT9LJ7/ARJs8=; b=fOx2m4ICIHspg2h8b5ddI+1keBTdkwxTkmQPTpHofqXkAkF2NLyq6kASHbcUkczYX9 GGsZjjHNoqHQ6LjD0nq6gcjYCmMId/c926CUMMLirGPT5y//o+HAEkrF5O5kmpk7yq6/ lm9mSfiGlCDV2SXEEDBluRKc1D/TRtvM2ypaMid43QZGrUQGw+RYFmhnAOFsoZnzgmA9 myeoovzbYD0D/vqp9PAgEcN4HB/zKLdmZXZzk98eZRd8ZNdQAqjTu/yDauIJS7U+y9tX nRbsVggFMfxAsf4bUzJ7Cuc6de7BBs/YoXhh6eN/bIok6FQjX9WDSuI37T9cVOA+bkDO vWww==
X-Gm-Message-State	AGi0Pub+HTZ06GFRGLYYCnJ/IatkelKmJGgrQrNc8IJ95S2WslhTuTJ2 EAaFFMt2GEoO44x7GFga3uG5Ha6kNtN8TQxyHkyO1Cy65doKX5L1eo4LK3GeBhVsE7ZkmAGC6xA 2UtnJ2glckq0=
X-Received	by 2002:a05:6214:493:: with SMTP id ay19mr3187502qvb.152.1588693279753; Tue, 05 May 2020 08:41:19 -0700 (PDT)
X-Google-Smtp-Source	APiQypJVvI4pU0CszZa7M+xiSYtUgCstKUedEqZaOU2i9iDDrWyLIV2qRc+ypYH7g61OGO42kscM7g==
X-Received	by 2002:a05:6214:493:: with SMTP id ay19mr3187471qvb.152.1588693279387; Tue, 05 May 2020 08:41:19 -0700 (PDT)
Autocrypt	addr=chet.ramey@case.edu; prefer-encrypt=mutual; keydata= mQGiBEEOsGwRBACFa0A1oa71HSZLWxAx0svXzhOZNQZOzqHmSuGOG92jIpQpr8DpvgRh40Yp AwdcXb8QG1J5yGAKeevNE1zCFaA725vGSdHUyypHouV0xoWwukYO6qlyyX+2BZU+okBUqoWQ koWxiYaCSfzB2Ln7pmdys1fJhcgBKf3VjWCjd2XJTwCgoFJOwyBFJdugjfwjSoRSwDOIMf0D /iQKqlWhIO1LGpMrGX0il0/x4zj0NAcSwAk7LaPZbN4UPjn5pqGEHBlf1+xDDQCkAoZ/VqES GZragl4VqJfxBr29Ag0UDvNbUbXoxQsARdero1M8GiAIRc50hj7HXFoERwenbNDJL86GPLAQ OTGOCa4W2o29nFfFjQrsrrYHzVtyA/9oyKvTeEMJ7NA3VJdWcmn7gOu0FxEmSNhSoV1T4vP2 1Wf7f5niCCRKQLNyUy0wEApQi4tSysdz+AbgAc0b/bHYVzIf2uO2lIEZQNNt+3g2bmXgloWm W5fsm/di50Gm1l1Na63d3RZ00SeFQos6WEwLUHEB0yp6KXluXLLIZitEJLQwQ2hldCBSYW1l eSAoQ2FzZSBzdGFuZGFyZCkgPGNoZXQucmFtZXlAY2FzZS5lZHU+iF8EExECAB8FAkPi19EC GwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJELtYafBk6nSrelkAn31Gsuib7GcCZHbv5L5t VKYR9LklAJ4hzUHKA49Z0QXR+qCb80osIcmPSbkBDQRBDrBvEAQAkK6TAOKBEM+EC4j6V/7o /riVZqcgU5cid2qG9TXdwNtD9a3kvA/ObZBO93sX59wc6Bnwo4VJxsOmMlpGrAjJsxNwg3QH akEtf8LXRbVpj5xStdmBdQZUhIQyalo/2/TZq5OijtddUQcL5cs70hTv/FpT3wUvr2Xr8rjF 41IFEz8AAwcD/A0CZEGlzIrT5WCBnl6xBog/8vKiUCbarByat3d1mL6DbizvKNXQRTC9E/vE dENAWCQCjr75Bu55xT8n3SXGtWdDC5xmZ/P3OBYORP8yl8H8I1FIosWOFirbIeYdZPq8SPD1 HL+EXo9zSiHVrrZRJ19ooCKKbSdXHFCY+aJG+0KZiEkEGBECAAkFAkEOsG8CGwwACgkQu1hp 8GTqdKvjcACfZlkVCDwaz/NTO9cy3t69oWpVPNwAnRwe0qk/WL/gfhH346xh5B3HFbFN
User-Agent	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
In-Reply-To	<06953bf8-5526-bb86-b878-2dcf9864acec@quoininc.com>
Content-Language	en-US
X-Mirapoint-IP-Reputation	reputation=Good-1, source=Queried, refid=tid=0001.0A020303.5EB187AD.0016, actions=tag
X-Mirapoint-IP-Reputation	reputation=good-1, source=Fixed, refid=n/a, actions=tag
X-Junkmail-Status	score=8/80, host=mpv4-2015.case.edu
X-Junkmail-PrAS-Raw	score=8/80, refid=2.7.2:2020.5.5.143618:17:8.317, ip=, rules=__YOUTUBE_RCVD, DKIM_SIGNATURE, __X_GOOGLE_DKIM_SIGNATURE, __HAS_REPLYTO, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __SUBJ_ALPHA_END, __TO_MALFORMED_2, __MULTIPLE_RCPTS_TO_X2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __HAS_REFERENCES, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __HAS_MSGID, __SANE_MSGID, DATE_TZ_NA, __USER_AGENT, __MOZILLA_USER_AGENT, __MIME_VERSION, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC2, __REPLYTO_SAMEAS_FROM_DOMAIN, __DKIM_ALIGNS_1, __DKIM_ALIGNS_2, __URI_HAS_HYPHEN_USC, __ANY_URI, __URI_MAILTO, __HTTPS_URI, __URI_WITH_PATH, __URI_ENDS_IN_SLASH, URI_ENDS_IN_HTML, __URI_NO_WWW, __CP_URI_IN_BODY, __FRAUD_MONEY_CURRENCY_DOLLAR, __SUBJ_ALPHA_NEGATE, __COURIER_PHRASE, __MULTIPLE_URI_TEXT, __URI_IN_BODY, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138
Received-SPF	pass client-ip=129.22.103.195; envelope-from=chet.ramey@case.edu; helo=mpv4-2015.case.edu
X-detected-operating-system	by eggs.gnu.org: First seen = 2020/05/05 11:41:21
X-ACL-Warn	Detected OS = Linux 2.4.x-2.6.x [generic] [fuzzy]
X-Spam_score_int	-43
X-Spam_score	-4.4
X-Spam_bar	----
X-Spam_report	(-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN
X-Spam_action	no action
X-BeenThere	bug-bash@gnu.org
X-Mailman-Version	2.1.23
Precedence	list
List-Id	Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe	<https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive	<https://lists.gnu.org/archive/html/bug-bash>
List-Post	<mailto:bug-bash@gnu.org>
List-Help	<mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe	<https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Mailman-Original-Message-ID	<6ec4bd02-4aa3-3e03-980d-9744669c7270@case.edu>
X-Mailman-Original-References	<06953bf8-5526-bb86-b878-2dcf9864acec@quoininc.com>
Xref	csiph.com gnu.bash.bug:16283

Show key headers only | View raw

On 5/5/20 9:21 AM, Franklin, Jason wrote:
> Greetings:
> 
> Yesterday, I encountered a segmentation fault when using the "fc"
> builtin command.  I cloned the Bash source code from GNU Savannah, and I
> verified that the bug is still present in the latest commits to the
> master and devel branches (the work below applies to "devel").
> 
> To reproduce...
> 
>   $ bash --norc
>   $ fc -0
>   Segmentation fault (core dumped)
> 
> I worked with a colleague during our lunch break to track down the issue
> with GDB.  We created a minimal patch (attached) that fixes the problem.

Thanks for the report and your careful analysis.

> 
> Allow me to explain the reasoning behind the patch...
> 
> From the CHANGES file, we see this note concerning the "fc" builtin:
> 
>   b.  The fc builtin now interprets -0 as the current command line.
Yes, this is from one of the bash-4.3 testing releases. It's in response
to this message:

https://lists.gnu.org/archive/html/bug-bash/2013-08/msg00037.html

and deliberately works only for -l.

The question is what to do about the cases where -l isn't supplied, as
you observed. Dumping core is definitely the worst of the options.

> Our solution does not remove the last history item when the user passes
> "-0" to tell "fc" to include it in the history and the list to edit.

The issue I have with this solution is that it leads to an infinite loop
if the user doesn't change the command in the editor. If you use `fc -s -0'
the shell runs fc recursively until it runs out of stack space and then
dumps core.

You could easily say that this falls into the category of user error, and
I wouldn't argue, but as you also observe, there's nothing in the man page
prohibiting or even warning against it.

I'm leaning towards making 0 and -0 out-of-range errors for the non-listing
case. This is what other shells do (the netbsd and freebsd shells being
notable exceptions).

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

Back to gnu.bash.bug | Previous | Next | Find similar

Thread

Re: [bug] Segmentation fault in the "fc" builtin Chet Ramey <chet.ramey@case.edu> - 2020-05-05 11:41 -0400

csiph-web