Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #16687
| Path | csiph.com!goblin2!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Jakub Wilk <jwilk@jwilk.net> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: bash -n: stack overflow in extract_delimited_string() |
| Date | Mon, 3 Aug 2020 19:35:59 +0200 |
| Lines | 31 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.682.1596476169.2739.bug-bash@gnu.org> (permalink) |
| References | <20200803093054.gu6fmxi4eqi7hz45@jwilk.net> <7177240a-2e57-49c2-e35a-7bb16bfc12e3@case.edu> <20200803173559.nwrhjxgbnv2hnj2a@jwilk.net> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="utf-8"; format=flowed |
| Content-Transfer-Encoding | 8bit |
| X-Trace | usenet.stanford.edu 1596476170 27551 209.51.188.17 (3 Aug 2020 17:36:10 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | <bug-bash@gnu.org> |
| Envelope-to | bug-bash@gnu.org |
| Authentication-Results | garm.ovh; auth=pass (GARM-98R0020e0b57cf-ef71-4a0b-bac0-4ecb9dd52f35, F40D6CC01FD9521AEE478BEB1506047368CCBD5F) smtp.auth=jwilk@jwilk.net |
| Content-Disposition | inline |
| In-Reply-To | <7177240a-2e57-49c2-e35a-7bb16bfc12e3@case.edu> |
| User-Agent | NeoMutt/20180716 |
| X-Originating-IP | [37.59.142.98] |
| X-ClientProxiedBy | DAG9EX2.mxp6.local (172.16.2.82) To DAG4EX2.mxp6.local (172.16.2.32) |
| X-Ovh-Tracer-GUID | 8defcdc7-edf2-4f67-8025-a0879a822707 |
| X-Ovh-Tracer-Id | 5404319554367641367 |
| X-VR-SPAMSTATE | OK |
| X-VR-SPAMSCORE | 0 |
| X-VR-SPAMCAUSE | gggruggvucftvghtrhhoucdtuddrgeduiedrjeeggdduudehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpeffhffvuffkfhggtggugfgjfghisehtkeertddtreejnecuhfhrohhmpeflrghkuhgsucghihhlkhcuoehjfihilhhksehjfihilhhkrdhnvghtqeenucggtffrrghtthgvrhhnpefhffdtueelvedvffefgfejveehudejgfeikeetudejieeuvdfghfduudegffeujeenucfkpheptddrtddrtddrtddpfeejrdehledrudegvddrleeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhpqdhouhhtpdhhvghlohepmhigphhlrghniedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvtheptddrtddrtddrtddpmhgrihhlfhhrohhmpehjfihilhhksehjfihilhhkrdhnvghtpdhrtghpthhtohepsghughdqsggrshhhsehgnhhurdhorhhg |
| Received-SPF | pass client-ip=178.32.125.2; envelope-from=jwilk@jwilk.net; helo=smtpout1.mo529.mail-out.ovh.net |
| X-detected-operating-system | by eggs.gnu.org: First seen = 2020/08/03 13:36:01 |
| X-ACL-Warn | Detected OS = Linux 3.11 and newer |
| X-Spam_score_int | -28 |
| X-Spam_score | -2.9 |
| X-Spam_bar | -- |
| X-Spam_report | (-2.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no |
| X-Spam_action | no action |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.23 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <https://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <20200803173559.nwrhjxgbnv2hnj2a@jwilk.net> |
| X-Mailman-Original-References | <20200803093054.gu6fmxi4eqi7hz45@jwilk.net> <7177240a-2e57-49c2-e35a-7bb16bfc12e3@case.edu> |
| Xref | csiph.com gnu.bash.bug:16687 |
Show key headers only | View raw
* Chet Ramey <chet.ramey@case.edu>, 2020-08-03, 09:15:
>On 8/3/20 5:30 AM, Jakub Wilk wrote:
>
>> Bash Version: 5.0
>> Patch Level: 18
>> Release Status: release
>>
>> bash crashes with stack overflow when checking syntax of this crafted script:
>>
>> $ ulimit -s
>> 8192
>>
>> $ printf 'x[$(($(fi)))`\n%050000d\n][`]\n' | tr 0 '(' | bash -n
>> bash: command substitution: line 4: syntax error near unexpected token `fi'
>> bash: command substitution: line 4: `fi)))`'
>> Segmentation fault
>
>I can't reproduce this with bash-5.1-alpha.
Oh right, looks like this was fixed in the 20191108 snapshot, probably
by this change:
parse.y
- xparse_dolparen: if the command substitution is incomplete or doesn't
end in `)', print an error message instead of allowing EOS to
terminate the comsub. From a bug report from
Oguz <oguzismailuysal@gmail.com>
--
Jakub Wilk
Back to gnu.bash.bug | Previous | Next | Find similar
Re: bash -n: stack overflow in extract_delimited_string() Jakub Wilk <jwilk@jwilk.net> - 2020-08-03 19:35 +0200
csiph-web