Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14381
| Path | csiph.com!goblin3!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Chris Schoenberg <chris@cr0ssbyte.com> |
| Newsgroups | gnu.bash.bug |
| Subject | v4.4 segfault in 'decode_prompt_string' when processing special parameter |
| Date | Sat, 21 Jul 2018 13:47:53 -0500 |
| Lines | 38 |
| Sender | chris@cr0ssbyte.com |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.3993.1532204462.1292.bug-bash@gnu.org> (permalink) |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| X-Trace | usenet.stanford.edu 1532204463 11109 208.118.235.17 (21 Jul 2018 20:21:03 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | a=rsa-sha256; v=1; c=relaxed/relaxed; d=cr0ssbyte.com; q=dns/txt; s=smtp; t=1532198887; h=Content-Type: To: Subject: Message-ID: Date: From: MIME-Version: Sender; bh=qSlbcj8UKgdlL2F619U0xhquYj6tEopDt+RM6+ewwyo=; b=qcVqSPgj1IwUELYNl/koBMpHxmqZW7BENCGkLaofsiNzv2M9hferWhL2lN6XQuzBCDh8Sz8M tJv16ig4UC8v4t/LPSGbm8bsj6LU7S6eTWxBccENbsm3+oQ9rRcOdX/gjcz5DlLciMjxkVtD MITCU72ypgZHf4CKGFJH4h6u6+c= |
| X-Mailgun-Sending-Ip | 184.173.153.201 |
| X-Mailgun-Sid | WyI0MmQ4OCIsICJidWctYmFzaEBnbnUub3JnIiwgIjVjMzYyNSJd |
| X-Gm-Message-State | AOUpUlFuShQ8vyEKRTTRB3GbFNuuh105Rt3C3NpGvJ274uTBFMY4KVbd Hblm9kA3wpmiUKpuo4irBiseqJ5gX5hm+UgRUVo= |
| X-Google-Smtp-Source | AAOMgpduj6Jxf9hicPguUamTGTqiP+ZvOSf1rP2ARBsBpsFCBgwtsowxZWOyLHeesz96K8826NSFOupdt2FWrAponQ0= |
| X-Received | by 2002:a19:9a81:: with SMTP id c123-v6mr4093976lfe.106.1532198885028; Sat, 21 Jul 2018 11:48:05 -0700 (PDT) |
| X-Gmail-Original-Message-ID | <CAAnqJ08xXw8Ezq4mn_FGojcx6vi26d001foWFncUJt809XiS_w@mail.gmail.com> |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] |
| X-Received-From | 184.173.153.201 |
| X-Mailman-Approved-At | Sat, 21 Jul 2018 16:21:01 -0400 |
| X-Content-Filtered-By | Mailman/MimeDel 2.1.21 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14381 |
Show key headers only | View raw
This only works in 4.4; earlier versions throw a 'bad substitution' error. It
causes an infinite loop of calls between 'expand_prompt_string' and
'decode_prompt_string',
where calls to 'xmalloc' exhaust the heap:
$\{_@P};${_@P}
I decided to report this because it is not a user-defined recursive
function and it exhausts the heap rather than the stack.
Here is a call trace that just repeats itself as you go back further (you
can see #7 and #0 are the same):
#0 decode_prompt_string (string=0x8dca08 "${_@P}") at
/usr/homes/chet/src/bash/src/parse.y:5471
#1 0x00000000004cf5e0 in string_transform (xc=<optimized out>, v=0x84ca88,
s=0x8dca08 "${_@P}") at subst.c:5127
#2 0x00000000004cc7c5 in parameter_brace_transform (varname=<optimized
out>, value=<optimized out>, ind=<optimized out>, xform=<optimized out>,
rtype=0,
quoted=<optimized out>, flags=<optimized out>) at subst.c:5263
#3 0x00000000004c5a3d in parameter_brace_expand (string=<optimized out>,
quoted=<optimized out>, pflags=<optimized out>,
contains_dollar_at=<optimized out>,
indexp=<optimized out>, quoted_dollar_atp=<optimized out>) at
subst.c:8364
#4 param_expand (string=<optimized out>, sindex=<optimized out>,
quoted=<optimized out>, expanded_something=<optimized out>,
contains_dollar_at=<optimized out>, quoted_dollar_at_p=<optimized out>,
had_quoted_null_p=<optimized out>, pflags=<optimized out>) at subst.c:8740
#5 0x00000000004b2640 in expand_word_internal (word=<optimized out>,
quoted=<optimized out>, isexp=<optimized out>,
contains_dollar_at=<optimized out>,
expanded_something=<optimized out>) at subst.c:9301
#6 0x00000000004b16ca in expand_prompt_string (string=0x8dc908 "${_@P}",
quoted=1, wflags=<optimized out>) at subst.c:3732
#7 0x0000000000434fe0 in decode_prompt_string (string=<optimized out>) at
/usr/homes/chet/src/bash/src/parse.y:5833
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
v4.4 segfault in 'decode_prompt_string' when processing special parameter Chris Schoenberg <chris@cr0ssbyte.com> - 2018-07-21 13:47 -0500
csiph-web