From: Jakub Wilk
Newsgroups: gnu.bash.bug
Subject: Re: bash -n: stack overflow in extract_delimited_string()
Date: Mon, 3 Aug 2020 19:35:59 +0200

* Chet Ramey, 2020-08-03, 09:15:
>On 8/3/20 5:30 AM, Jakub Wilk wrote:
>
>> Bash Version: 5.0
>> Patch Level: 18
>> Release Status: release
>>
>> bash crashes with stack overflow when checking syntax of this crafted script:
>>
>>   $ ulimit -s
>>   8192
>>
>>   $ printf 'x[$(($(fi)))`\n%050000d\n][`]\n' | tr 0 '(' | bash -n
>>   bash: command substitution: line 4: syntax error near unexpected token `fi'
>>   bash: command substitution: line 4: `fi)))`'
>>   Segmentation fault
>
>I can't reproduce this with bash-5.1-alpha.

Oh right, looks like this was fixed in the 20191108 snapshot, probably by this change:

  parse.y
    - xparse_dolparen: if the command substitution is incomplete or doesn't
      end in `)', print an error message instead of allowing EOS to
      terminate the comsub. From a bug report from Oguz

-- 
Jakub Wilk
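
Added example, not part of the original message or of bash: a POSIX sh regression check that feeds the crafted input from the report to each bash binary named on the command line and classifies the exit status. The function names and the 128+signal reading of the exit status are this example's own assumptions; the 8192 kB stack limit mirrors the report.

```sh
#!/bin/sh
# Added example: regression check for the `bash -n` crash in this thread.
# Usage: sh check.sh /bin/bash /usr/local/bin/bash ...

# Emit the crafted script from the report with DEPTH opening parentheses
# on its second line (the report used 50000).
make_reproducer() {
    depth=${1:-50000}
    printf '%s\n' 'x[$(($(fi)))`'
    printf "%0${depth}d\n" 0 | tr 0 '('
    printf '%s\n' '][`]'
}

# Translate an exit status into a verdict. A shell reports a child killed
# by signal N as 128+N, so 139 means SIGSEGV (11).
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo "crashed (signal $(( $1 - 128 )))"
    elif [ "$1" -eq 126 ] || [ "$1" -eq 127 ]; then
        echo "not run"
    elif [ "$1" -eq 0 ]; then
        echo "accepted"
    else
        echo "rejected cleanly"
    fi
}

# Run `BASH_BIN -n` on the reproducer under the 8192 kB stack limit from
# the report. The subshell keeps the ulimit change local.
check_bash() {
    bash_bin=${1:-bash}
    depth=${2:-50000}
    status=0
    (
        ulimit -s 8192 2>/dev/null
        make_reproducer "$depth" | "$bash_bin" -n >/dev/null 2>&1
    ) || status=$?
    classify_status "$status"
}

# Check every binary given on the command line (none given: do nothing).
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(check_bash "$b")"
done
```

A binary that prints "rejected cleanly" reported the syntax error and exited; "crashed (signal 11)" matches the segmentation fault shown in the report.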