Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #11730
| Path | csiph.com!xmission!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Chet Ramey <chet.ramey@case.edu> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: Bash crash |
| Date | Wed, 21 Oct 2015 08:50:34 -0400 |
| Lines | 26 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.727.1445431852.7904.bug-bash@gnu.org> (permalink) |
| References | <C2FB93DF99E5FD43B0413EDB326AE2AA2B942E8F@ESGSCMB107.ericsson.se> <56264216.2060606@case.edu> <C2FB93DF99E5FD43B0413EDB326AE2AA2B94421D@ESGSCMB107.ericsson.se> |
| Reply-To | chet.ramey@case.edu |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1445431852 8894 208.118.235.17 (21 Oct 2015 12:50:52 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | chet.ramey@case.edu |
| To | Kai Wang X <kai.x.wang@ericsson.com>, "bug-bash@gnu.org" <bug-bash@gnu.org> |
| Envelope-to | bug-bash@gnu.org |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 |
| In-Reply-To | <C2FB93DF99E5FD43B0413EDB326AE2AA2B94421D@ESGSCMB107.ericsson.se> |
| X-Junkmail-Status | score=10/60, host=mpv5.cwru.edu |
| X-Junkmail-Whitelist | YES (by domain whitelist at mpv1.tis.cwru.edu) |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] |
| X-Received-From | 129.22.105.36 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:11730 |
Show key headers only | View raw
On 10/20/15 10:29 PM, Kai Wang X wrote: > Hi Chet, > > Thank you for your response. > > But it does not make sense since sbrk failure will be checked: > > mp = (union mhead *) sbrk (sbrk_amt); > > /* Totally out of memory. */ > if ((long)mp == -1) > goto morecore_done; Sure, sbrk failure is checked, but not whether it returns an invalid value. The segmentation fault occurs when the bash malloc attempts to dereference the value returned by sbrk. If the memory access generates a fault, it's either 0 or out of bounds. Either way, sbrk returned a bad value without raising an error. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
Back to gnu.bash.bug | Previous | Next | Find similar
Re: Bash crash Chet Ramey <chet.ramey@case.edu> - 2015-10-21 08:50 -0400
csiph-web