Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14383
| Path | csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Chet Ramey <chet.ramey@case.edu> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: v4.4 segfault in 'decode_prompt_string' when processing special parameter |
| Date | Sat, 21 Jul 2018 19:57:58 -0400 |
| Organization | ITS, Case Western Reserve University |
| Lines | 21 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.4000.1532217489.1292.bug-bash@gnu.org> (permalink) |
| References | <CAAnqJ08xXw8Ezq4mn_FGojcx6vi26d001foWFncUJt809XiS_w@mail.gmail.com> |
| Reply-To | chet.ramey@case.edu |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1532217490 17560 208.118.235.17 (21 Jul 2018 23:58:10 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | chet.ramey@case.edu |
| To | Chris Schoenberg <chris@cr0ssbyte.com>, bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:cc:subject:to:references:from :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=mkyRH9Bfuhsvt27hqhZehkikjIqzDzW5bj3OBQxcomk=; b=kAM6thScoi9yjQAdIv2wAlAiBCLyHUQ6HTfDQbf1JnObHhABaGIvud7KxIBAD7YKlz RYXj8KfZqf2ONHquNHKa86dRGIjsXvoKVI48bKAJ8bQhH54sM2GCHIsyoxK59yCVq8xU McPAodVEupEh2ungNqUBE1xKuMMw8minCmDgFnftn6hGrQzBM7qEWP9AE2Nw8JExRY3O m4i9N7FK4foaA9do+1gHb1qjmHxJIZAsXM8VqciF98RL/iANYOWyy64QQJTpEI6mP6jS QlVrFqI6rS+d9e9gtUMp6KSm80CMk242Nm6c9FbfDBikGRaV1hulLkp+135+M1v1juPp MPhw== |
| X-Gm-Message-State | AOUpUlGVKY8n/Hgg/3i2+zgrfq0rsoJRmIgTWYRXLA6UmpLLT1FMnj3c ecFnvXSlGBqmyfrQfFM+PYUjhW1c9s7buwYiuPdvWB5fTGYw7GUkz9kqhH9tX1Ek99EfgyCFUXX IdcLjo5M9+x4= |
| X-Received | by 2002:a24:edce:: with SMTP id r197-v6mr5889423ith.23.1532217481325; Sat, 21 Jul 2018 16:58:01 -0700 (PDT) |
| X-Google-Smtp-Source | AAOMgpeuczN6Q++kKit/PsYB0/d9TjD1uXQwUJNjRhJZb7WgzOKlw0lwhRDAzM6fO/biaM/KO8Ba/Q== |
| X-Received | by 2002:a24:edce:: with SMTP id r197-v6mr5889420ith.23.1532217481074; Sat, 21 Jul 2018 16:58:01 -0700 (PDT) |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
| In-Reply-To | <CAAnqJ08xXw8Ezq4mn_FGojcx6vi26d001foWFncUJt809XiS_w@mail.gmail.com> |
| Content-Language | en-US |
| X-Junkmail-Status | score=7/90, host=mpv4-2015.case.edu |
| X-Junkmail-PrAS-Raw | score=7/90, refid=2.7.2:2018.7.21.233016:17:7.944, ip=, rules=__YOUTUBE_RCVD, __HAS_REPLYTO, __HAS_CC_HDR, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __SUBJ_ALPHA_END, __TO_MALFORMED_2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __HAS_MSGID, __SANE_MSGID, DATE_TZ_NA, __USER_AGENT, __MOZILLA_USER_AGENT, __MIME_VERSION, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC1, __FROM_DOMAIN_IN_ANY_CC2, __REPLYTO_SAMEAS_FROM_DOMAIN, __ANY_URI, __URI_WITH_PATH, __URI_NO_WWW, __CP_URI_IN_BODY, __FRAUD_MONEY_CURRENCY_DOLLAR, __SUBJ_ALPHA_NEGATE, __URI_IN_BODY, __URI_NOT_IMG, __FORWARDED_MSG, __NO_HTML_TAG_RAW, BODYTEXTP_SIZE_3000_LESS, BODY_SIZE_800_899, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_MONEY_CURRENCY, BODY_SIZE_5000_LESS, IN_REP_TO, MSG_THREAD, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138 |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] [fuzzy] |
| X-Received-From | 129.22.103.195 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14383 |
Show key headers only | View raw
On 7/21/18 2:47 PM, Chris Schoenberg wrote:
> This only works in 4.4; earlier versions throw a 'bad substitution' error. It
> causes an infinite loop of calls between 'expand_prompt_string' and
> 'decode_prompt_string',
> where calls to 'xmalloc' exhaust the heap:
>
> $\{_@P};${_@P}
>
> I decided to report this because it is not a user-defined recursive
> function and it exhausts the heap rather than the stack.
It's user-defined recursive parameter expansion. A string that undergoes
prompt expansion performs parameter expansion, as documented. If that
parameter expansion passes the same string to prompt expansion, which
performs parameter expansion, you've got user-defined recursion.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: v4.4 segfault in 'decode_prompt_string' when processing special parameter Chet Ramey <chet.ramey@case.edu> - 2018-07-21 19:57 -0400
csiph-web