From: Piotr Grzybowski
Newsgroups: gnu.bash.bug
Subject: Re: Crash on jobs 2^32-2
Date: Wed, 11 Jul 2018 16:05:42 +0200
References: <031c3198-c85d-f2d9-8071-2b3b1a8793ef@rub.de>
To: Simon Wörner
Cc: bug-bash@gnu.org

oh wow, this is nice:

  #define get_job_by_jid(ind) (jobs[(ind)])

  155 if ((job == NO_JOB) || jobs == 0 || get_job_by_jid (job) == 0)

definitely this if needs looking into.

cheers,
pg

On 11 Jul 2018, at 15:41, Simon Wörner wrote:

> Dear all,
> The following crash was found by a modified
> version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL).
>
> The crash can be reproduced by running:
> $ ls
> $ jobs 4278190079 # 2^32-2
>
> We can the crash for
> - GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
> - GNU bash, version 4.4.23(2) (x86_64-unknown-linux-gnu)
> - git master branch (commit 64447609994bfddeef1061948022c074093e9a9f)
> - git devel branch (commit a078e04c3d9163541cce590c3fd00f243fe77613)
>
> Credits: Simon Wörner, Sergej Schumilo, Cornelius Aschermann (all of
> Ruhr-Universität Bochum)
>
> Best regards,
> Simon Wörner
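
The macro quoted in the reply indexes jobs[] with no range test, so the if relies on the index already being valid. The following is an added example, not part of either message and not bash's source or its fix: it range-checks a user-supplied job number before the table is indexed. JOB, jobs_tbl, JOB_SLOTS, parse_job_number, checked_job, job_from_text and the 1-based numbering are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define NO_JOB (-1)
#define JOB_SLOTS 8                 /* constructed table size */

typedef struct { int pid; } JOB;    /* stand-in, not bash's JOB struct */
static JOB first_job = { 1234 };    /* constructed sample job */
static JOB *jobs_tbl[JOB_SLOTS] = { &first_job };  /* slot 0 used, rest empty */

/* Parse a 1-based job number; NO_JOB on junk, overflow or values < 1. */
static int parse_job_number(const char *s)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return NO_JOB;
    if (v < 1 || v > INT_MAX)       /* reject before narrowing to int */
        return NO_JOB;
    return (int)(v - 1);            /* zero-based slot index */
}

/* Checked lookup: the range test runs before jobs_tbl[] is touched. */
static JOB *checked_job(int idx)
{
    if (idx < 0 || idx >= JOB_SLOTS)
        return NULL;
    return jobs_tbl[idx];           /* still NULL for an empty slot */
}

/* Resolve user text to a job, or NULL if it names no live job. */
static JOB *job_from_text(const char *s)
{
    int idx = parse_job_number(s);
    return idx == NO_JOB ? NULL : checked_job(idx);
}

int main(void)
{
    const char *args[] = { "1", "2", "4278190079" };  /* last one is from the report */
    for (int i = 0; i < 3; i++)
        printf("%s -> %s\n", args[i], job_from_text(args[i]) ? "job" : "no such job");
    return 0;
}
```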