Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #16686
| Path | csiph.com!goblin2!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Chet Ramey <chet.ramey@case.edu> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: bash -n: stack overflow in extract_delimited_string() |
| Date | Mon, 3 Aug 2020 09:15:19 -0400 |
| Organization | ITS, Case Western Reserve University |
| Lines | 24 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.660.1596460527.2739.bug-bash@gnu.org> (permalink) |
| References | <20200803093054.gu6fmxi4eqi7hz45@jwilk.net> <7177240a-2e57-49c2-e35a-7bb16bfc12e3@case.edu> |
| Reply-To | chet.ramey@case.edu |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | usenet.stanford.edu 1596460528 17421 209.51.188.17 (3 Aug 2020 13:15:28 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | chet.ramey@case.edu |
| To | Jakub Wilk <jwilk@jwilk.net>, bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1596460523; bh=Bb9URLvxxm21h15u65oCeWH7nHPysYWeR4TJfO6JGLA=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=3b2o6dv/0qfogUc2cyfB7JZzYwL/cvYBx8PhKajAPT5P7vSqAvL2lH+9DRqFQcDNE4 q07lV2R3RbW7PPhOPz21zkPcWzCjfMkyE7y+NpnGejv8NIPqu3YP+RfXLaMDkSHkkV6 KdpLz3BUIb4368MOQWXZYlyOPKaay452/mfYuhl2Zvz7J8/KiuPn84sJamB6gTs4j/H eBFpOZjFQ+fk115FSiiOuEpJKu0TLi5a4gLaTa852xON/h5WDV5bFajQdCYqT64LL8q nvn0Zq8bpJe+jrAxKiM18SBm9cUplwXEkM9Iy4DqyVrbKNw6cIVSTdjz31hmivjAwMx CaRrvyFQ== |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1596460521; bh=99qhg7gg7t1cAJf3xhWAxNFgbNXAWRQWMlTauyumNm0=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=p1k5D7Hgffr4FOPenil4dGICCmNHB+JdF/d0u73hn5ksEoeeuTZP6yIJl2pQ8/FGRw +uREM1RDSWGrCjjSvyuoQPzYVBwFodfELPun8DDLUTMCXWw5+jXXy0VclJ8ue82JTKw +Qu4Mz5Y29yxJV2zaH+HvXVu/KBXjXDarRMUsUidS5WgpfesLj6Pgj37355dCH7/RG+ ulg0kGsuhn+GbzBJ1oB90i5ITrJQYkqju2DOWqfgm/sgbCTjrLRpgbILrXe/Gwrnudg ak+IEVzsqhJaSfW2JpJrmZ00A3aA7XedhjcXtSx+WptMTxTpADRwoE+GAzdVbGK9y+1 7tg+E3Rw== |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=g-case; h=reply-to:cc:subject:to:references:from:autocrypt:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=99qhg7gg7t1cAJf3xhWAxNFgbNXAWRQWMlTauyumNm0=; b=bY+8mBDsPGaPNJwvMhqGkVcHuiZOyX4kNIK+2gIkcYgsHX1pULvi9eqPSU/p0DRuR0 NZSaWVdxlakGqacCiGihGch6LrLCWKF0+cw5aaFZtXr5XpKQ330EI4NraH6pnJEJ7XtI p1xZ2MzxiqVO4FZWKXtgKTXYXbQI/oDz831gYJFOhuQopaBuGrk7f/u2YqRzMelJJBmk K+KbHk/YCQCYb0GMT6SFs2gN6ynOcfpSphTq0yBtKIoolNMsc7UN8DbBC1E/9xS5YRLA HJI37ZhIle7Rzhlktiuyo2b84JeU/VPSYeyv4u45kKZ/GLqnBaTI5ag064ohDdIbCj9b jo0A== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:cc:subject:to:references:from:autocrypt :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=99qhg7gg7t1cAJf3xhWAxNFgbNXAWRQWMlTauyumNm0=; b=SbQ9ixrlSWNn991bl+eK50xpYw2oEUGtviF4bv5IeSMou/dd9butVz1b0Z3KHEcd/5 BG81Vx1YXuHVB6uoooOtxxqgOOxE9zoQLEyTAatIaL567M4iDvuRz0mPGSx3Z2aG4Fc4 TMICrWlxVkEV/RedZqVe5ZVb+uqWvPY5eeFi5NZPAMqS1GiBykBAIWdChNIrJ7KYLJ29 eqbz5FUIvXuXUz2XUhuwub/FpK9WYOpNhiXFxrMykoU8Fkb5yVMePczdk96/ea0qIT7r WjMA/Xh+AaiRAEX8K8e1XI7dVJQvtFUh6Gl8e49TpLbyThz6ppTxG3mmAHX44xmDm6VS 7J1w== |
| X-Gm-Message-State | AOAM530kHInZRVzqJQBewOvcLz9QBeGu6mC8N3wNCk17V7lZACeYsS1u UrUBBJU+y/PXBAHbfzuzUw4xtODo3NlNNjR7EBlvIwLRl9EttfR9CTFM1UgkjZdRt0Z48iHKrd5 YuW8IAZ05JW8= |
| X-Received | by 2002:ac8:1c6c:: with SMTP id j41mr16828323qtk.226.1596460521220; Mon, 03 Aug 2020 06:15:21 -0700 (PDT) |
| X-Google-Smtp-Source | ABdhPJzLP+O+WOSjWj66Oe9QHTC/ye9zFD/lFykBs8Lbyq1JGC2TIBU2jkxpT5qeqVMUZD+gBp2M/w== |
| X-Received | by 2002:ac8:1c6c:: with SMTP id j41mr16828304qtk.226.1596460520956; Mon, 03 Aug 2020 06:15:20 -0700 (PDT) |
| Autocrypt | addr=chet.ramey@case.edu; prefer-encrypt=mutual; keydata= mQGiBEEOsGwRBACFa0A1oa71HSZLWxAx0svXzhOZNQZOzqHmSuGOG92jIpQpr8DpvgRh40Yp AwdcXb8QG1J5yGAKeevNE1zCFaA725vGSdHUyypHouV0xoWwukYO6qlyyX+2BZU+okBUqoWQ koWxiYaCSfzB2Ln7pmdys1fJhcgBKf3VjWCjd2XJTwCgoFJOwyBFJdugjfwjSoRSwDOIMf0D /iQKqlWhIO1LGpMrGX0il0/x4zj0NAcSwAk7LaPZbN4UPjn5pqGEHBlf1+xDDQCkAoZ/VqES GZragl4VqJfxBr29Ag0UDvNbUbXoxQsARdero1M8GiAIRc50hj7HXFoERwenbNDJL86GPLAQ OTGOCa4W2o29nFfFjQrsrrYHzVtyA/9oyKvTeEMJ7NA3VJdWcmn7gOu0FxEmSNhSoV1T4vP2 1Wf7f5niCCRKQLNyUy0wEApQi4tSysdz+AbgAc0b/bHYVzIf2uO2lIEZQNNt+3g2bmXgloWm W5fsm/di50Gm1l1Na63d3RZ00SeFQos6WEwLUHEB0yp6KXluXLLIZitEJLQwQ2hldCBSYW1l eSAoQ2FzZSBzdGFuZGFyZCkgPGNoZXQucmFtZXlAY2FzZS5lZHU+iF8EExECAB8FAkPi19EC GwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJELtYafBk6nSrelkAn31Gsuib7GcCZHbv5L5t VKYR9LklAJ4hzUHKA49Z0QXR+qCb80osIcmPSbkBDQRBDrBvEAQAkK6TAOKBEM+EC4j6V/7o /riVZqcgU5cid2qG9TXdwNtD9a3kvA/ObZBO93sX59wc6Bnwo4VJxsOmMlpGrAjJsxNwg3QH akEtf8LXRbVpj5xStdmBdQZUhIQyalo/2/TZq5OijtddUQcL5cs70hTv/FpT3wUvr2Xr8rjF 41IFEz8AAwcD/A0CZEGlzIrT5WCBnl6xBog/8vKiUCbarByat3d1mL6DbizvKNXQRTC9E/vE dENAWCQCjr75Bu55xT8n3SXGtWdDC5xmZ/P3OBYORP8yl8H8I1FIosWOFirbIeYdZPq8SPD1 HL+EXo9zSiHVrrZRJ19ooCKKbSdXHFCY+aJG+0KZiEkEGBECAAkFAkEOsG8CGwwACgkQu1hp 8GTqdKvjcACfZlkVCDwaz/NTO9cy3t69oWpVPNwAnRwe0qk/WL/gfhH346xh5B3HFbFN |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
| In-Reply-To | <20200803093054.gu6fmxi4eqi7hz45@jwilk.net> |
| Content-Language | en-US |
| X-Mirapoint-IP-Reputation | reputation=Good-1, source=Queried, refid=tid=0001.0A020303.5F2801B4.008E, actions=tag |
| X-Mirapoint-IP-Reputation | reputation=good-1, source=Fixed, refid=n/a, actions=tag |
| X-Junkmail-Status | score=7/80, host=mpv3-2015.case.edu |
| X-Junkmail-PrAS-Raw | score=7/80, refid=2.7.2:2020.8.3.124518:17:7.944, ip=, rules=__YOUTUBE_RCVD, DKIM_SIGNATURE, __X_GOOGLE_DKIM_SIGNATURE, __HAS_REPLYTO, __HAS_CC_HDR, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __TO_MALFORMED_2, __MULTIPLE_RCPTS_TO_X2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __HAS_REFERENCES, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __HAS_MSGID, __SANE_MSGID, DATE_TZ_NA, __USER_AGENT, __MOZILLA_USER_AGENT, __MIME_VERSION, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC1, __FROM_DOMAIN_IN_ANY_CC2, __REPLYTO_SAMEAS_FROM_DOMAIN, __DKIM_ALIGNS_1, __DKIM_ALIGNS_2, __ANY_URI, __URI_MAILTO, __URI_WITH_PATH, __URI_ENDS_IN_SLASH, __URI_NO_WWW, __CP_URI_IN_BODY, __STOCK_PHRASE_7, __FRAUD_MONEY_CURRENCY_DOLLAR, __SUBJ_ALPHA_NEGATE, __URI_IN_BODY, __URI_NOT_IMG, __MAIL_CHAIN, __FORWARDED_MSG, __BODY_NO_MAILTO, __NO_HTML_TAG_RAW, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138 |
| Received-SPF | pass client-ip=129.22.103.194; envelope-from=chet.ramey@case.edu; helo=mpv3-2015.case.edu |
| X-detected-operating-system | by eggs.gnu.org: First seen = 2020/08/03 08:57:41 |
| X-ACL-Warn | Detected OS = Linux 2.4.x-2.6.x [generic] |
| X-Spam_score_int | -43 |
| X-Spam_score | -4.4 |
| X-Spam_bar | ---- |
| X-Spam_report | (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no |
| X-Spam_action | no action |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.23 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <https://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <7177240a-2e57-49c2-e35a-7bb16bfc12e3@case.edu> |
| X-Mailman-Original-References | <20200803093054.gu6fmxi4eqi7hz45@jwilk.net> |
| Xref | csiph.com gnu.bash.bug:16686 |
Show key headers only | View raw
On 8/3/20 5:30 AM, Jakub Wilk wrote:
> Bash Version: 5.0
> Patch Level: 18
> Release Status: release
>
> bash crashes with stack overflow when checking syntax of this crafted script:
>
> $ ulimit -s
> 8192
>
> $ printf 'x[$(($(fi)))`\n%050000d\n][`]\n' | tr 0 '(' | bash -n
> bash: command substitution: line 4: syntax error near unexpected token `fi'
> bash: command substitution: line 4: `fi)))`'
> Segmentation fault
I can't reproduce this with bash-5.1-alpha.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
Back to gnu.bash.bug | Previous | Next | Find similar
Re: bash -n: stack overflow in extract_delimited_string() Chet Ramey <chet.ramey@case.edu> - 2020-08-03 09:15 -0400
csiph-web