Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14381
| From | Chris Schoenberg <chris@cr0ssbyte.com> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | v4.4 segfault in 'decode_prompt_string' when processing special parameter |
| Date | 2018-07-21 13:47 -0500 |
| Message-ID | <mailman.3993.1532204462.1292.bug-bash@gnu.org> (permalink) |
This only works in 4.4; earlier versions throw a 'bad substitution' error. It
causes an infinite loop of calls between 'expand_prompt_string' and
'decode_prompt_string',
where calls to 'xmalloc' exhaust the heap:
$\{_@P};${_@P}
I decided to report this because it is not a user-defined recursive
function and it exhausts the heap rather than the stack.
Here is a call trace that just repeats itself as you go back further (you
can see #7 and #0 are the same):
#0 decode_prompt_string (string=0x8dca08 "${_@P}") at
/usr/homes/chet/src/bash/src/parse.y:5471
#1 0x00000000004cf5e0 in string_transform (xc=<optimized out>, v=0x84ca88,
s=0x8dca08 "${_@P}") at subst.c:5127
#2 0x00000000004cc7c5 in parameter_brace_transform (varname=<optimized
out>, value=<optimized out>, ind=<optimized out>, xform=<optimized out>,
rtype=0,
quoted=<optimized out>, flags=<optimized out>) at subst.c:5263
#3 0x00000000004c5a3d in parameter_brace_expand (string=<optimized out>,
quoted=<optimized out>, pflags=<optimized out>,
contains_dollar_at=<optimized out>,
indexp=<optimized out>, quoted_dollar_atp=<optimized out>) at
subst.c:8364
#4 param_expand (string=<optimized out>, sindex=<optimized out>,
quoted=<optimized out>, expanded_something=<optimized out>,
contains_dollar_at=<optimized out>, quoted_dollar_at_p=<optimized out>,
had_quoted_null_p=<optimized out>, pflags=<optimized out>) at subst.c:8740
#5 0x00000000004b2640 in expand_word_internal (word=<optimized out>,
quoted=<optimized out>, isexp=<optimized out>,
contains_dollar_at=<optimized out>,
expanded_something=<optimized out>) at subst.c:9301
#6 0x00000000004b16ca in expand_prompt_string (string=0x8dc908 "${_@P}",
quoted=1, wflags=<optimized out>) at subst.c:3732
#7 0x0000000000434fe0 in decode_prompt_string (string=<optimized out>) at
/usr/homes/chet/src/bash/src/parse.y:5833
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
v4.4 segfault in 'decode_prompt_string' when processing special parameter Chris Schoenberg <chris@cr0ssbyte.com> - 2018-07-21 13:47 -0500
csiph-web