From: Chet Ramey
Newsgroups: gnu.bash.bug
Subject: Re: bash -n: stack overflow in extract_delimited_string()
Date: Mon, 3 Aug 2020 09:15:19 -0400
Organization: ITS, Case Western Reserve University

On 8/3/20 5:30 AM, Jakub Wilk wrote:
> Bash Version: 5.0
> Patch Level: 18
> Release Status: release
>
> bash crashes with stack overflow when checking syntax of this crafted script:
>
>   $ ulimit -s
>   8192
>
>   $ printf 'x[$(($(fi)))`\n%050000d\n][`]\n' | tr 0 '(' | bash -n
>   bash: command substitution: line 4: syntax error near unexpected token `fi'
>   bash: command substitution: line 4: `fi)))`'
>   Segmentation fault

I can't reproduce this with bash-5.1-alpha.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/