Path: csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail
From: Fergus Henderson <fergus@google.com>
Newsgroups: gnu.bash.bug
Subject: seg fault after interrupting time of shell function
Date: Wed, 3 Jul 2019 16:21:15 +0100
Lines: 65
Approved: bug-bash@gnu.org
Message-ID: <mailman.76.1562174610.2688.bug-bash@gnu.org>
References: <CAPXkjd8hZ25JtBzpqnMHUpZOCfSo5SmjR5vWnxhra+0OkC9GDw@mail.gmail.com>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: usenet.stanford.edu 1562174611 18390 209.51.188.17 (3 Jul 2019 17:23:31 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bug-bash@gnu.org, bash@packages.debian.org
Envelope-to: bug-bash@gnu.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=k4W6uhjJb2xnrHx7fPBdkrtjrVLv585GqCnkbEsF2rw=; b=kc95JVHQxz+TbCX0B1Fz7HcbYWwLmZ3dTKx9Nc2O1qCsZFi7XmsJgbiVWPwGQ4wbwT gKL1Tr5D5JFPF4ZAH7loPTF0d5quvP/fN8StJzuMCBqlBvystCCHzDH+dtCX+ZlEP8Rg LXbhLh5o3EvtXp63JVGrFhdV9uPf1P5f2BkCOcgexoWBiuvBAlSkbPRleZE+NCisZgvp BH2HQ+plplEhEepyA40b9vwIovw67yxHVUDw/PKXZor6wVHaO0zMrAdV6nFdCQGFExnG DIy8NuwL/RbPrweflzzcOudwlYT/22U7HoS92hzUlJsaLwdP4suqdIZM5Rwwxi7Ki5KZ ctPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=k4W6uhjJb2xnrHx7fPBdkrtjrVLv585GqCnkbEsF2rw=; b=DXYbDP0Lt+V67PlTe6mONu4J78727Q52jc+EtyOy3vjerEtaToe9gB405QMR74Owdq FYfMSokpMFQ1lufdmOq33tXJUppRxXt+slXR7XJ0b40o0Y451zZ5oSksy545eVgkblG0 owRJ4z89h5Opul8MUeLaBIkhvCxV38hs3vS4fFYlQBVVfayfYCDZ0XLbS+U1bFLZ51+i QLWPcnfhn2oUHaE0zhZR7HZYa2msu5QlkS9KVRObNgWd/ZOfhdwPu0tdAT/vCZbLq6qw aCg+Vti+0oxYLygaI5DhLnR454jysoiNXKXUcGExf2FgDVcAKYJyuoqlmM+34M7txkkh CNvw==
X-Gm-Message-State: APjAAAWLSNiqp2UymX4gun78LZ4Bpsw1sogrOedsViTrsBCYbbRliQ2t N5o9dcjTPmOD7E8MHsfjhTXWyfHlA78Di2B5Z8cqcjB1iF5K6A==
X-Google-Smtp-Source: APXvYqxLcidjtNBVdhl1iQSla1R6TTfurJzi9c8xFKOJvssA9WCHE52oEe1LexMG1dksHwuWXdDJVI3Lio5nCJ8FJI8=
X-Received: by 2002:a1c:e3c1:: with SMTP id a184mr7720340wmh.24.1562167303866; Wed, 03 Jul 2019 08:21:43 -0700 (PDT)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized.
X-Received-From: 2a00:1450:4864:20::333
X-Mailman-Approved-At: Wed, 03 Jul 2019 13:23:29 -0400
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Mailman-Original-Message-ID: <CAPXkjd8hZ25JtBzpqnMHUpZOCfSo5SmjR5vWnxhra+0OkC9GDw@mail.gmail.com>
Xref: csiph.com gnu.bash.bug:15076

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H   -I.  -I../. -I.././include -I.././lib  -Wdate-time
-D_FORTIFY_SOURCE=2 -g -O2
-fdebug-prefix-map=/build/bash-GTWdCm/bash-4.4.18=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-Wno-parentheses -Wno-format-security
uname output: Linux <redacted>.google.com <redacted>-amd64 #1 SMP Debian
<redacted> (2019-05-15 > 2018) x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu

Bash Version: 4.4
Patch Level: 19
Release Status: release

Description:
I found a reproducible segmentation fault in bash.
Some interaction between the "time" builtin and signals, perhaps?

The stack trace for this crash (with addresses elided) was:
#0  ... in _int_malloc (av=av@entry=... <main_arena>, bytes=bytes@entry=32)
at malloc.c:...
#1  ... in __GI___libc_malloc (bytes=32) at malloc.c:...
#2  ... in xmalloc ()
#3  ... in unwind_protect_mem ()
#4  ... in ?? ()
#5  ... in ?? ()
#6  ... in execute_command_internal ()
#7  ... in execute_command ()
#8  ... in reader_loop ()
#9  ... in main ()

Repeat-By:
1. Start a bash shell, and type the following commands:
       foo() { sleep 10; sleep 10; }
       bar() { time foo; }
       bar
2. Interrupt the command in step 1 by hitting control-C after "bar" has
  been running for a second or two.
3. Type the following commands:
       bar

Terminal log from reproducing this bug:

bash$ env - bash --noprofile --norc
bash-4.4$ ulimit -c unlimited
bash-4.4$ cd /tmp
bash-4.4$ foo() { sleep 10; sleep 10; }
bash-4.4$ bar() { time foo; }
bash-4.4$ bar
^C

real    0m0.832s
user    0m0.002s
sys     0m0.001s
bash-4.4$ bar
Segmentation fault (core dumped)

-- 
Fergus Henderson <fergus@google.com>