Path: csiph.com!xmission!news.glorb.com!usenet.stanford.edu!not-for-mail
From: Sergey Tselikh <stselikh@gmail.com>
Newsgroups: gnu.bash.bug
Subject: bash-4.3_p39 Segfaults in array_flush at array.c:111 after incorrect conversion from indexed to associative array
Date: Sun, 16 Aug 2015 11:02:35 +1000
Lines: 69
Approved: bug-bash@gnu.org
Message-ID: <mailman.8407.1439699202.904.bug-bash@gnu.org>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
To: bug-bash@gnu.org
Envelope-to: bug-bash@gnu.org
Precedence: list
Xref: csiph.com gnu.bash.bug:11353

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: x86_64-pc-linux-gnu-gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H   -I. -I./include -I. -I./include -I./lib  -DDEFAULT_PATH_VALUE='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' -DSTANDARD_UTILS_PATH='/bin:/usr/bin:/sbin:/usr/sbin' -DSYS_BASHRC='/etc/bash/bashrc' -DSYS_BASH_LOGOUT='/etc/bash/bash_logout' -DNON_INTERACTIVE_LOGIN_SHELLS -DSSH_SOURCE_BASHRC -pipe -march=corei7-avx -mno-aes -mfpmath=sse,387 -O2 -finline-functions -fomit-frame-pointer
uname output: Linux laptop 3.10.77-gentoo-stselikh #1 SMP PREEMPT Mon May 18 12:45:11 VLAT 2015 x86_64 Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz GenuineIntel GNU/Linux
Machine Type: x86_64-pc-linux-gnu

Bash Version: 4.3
Patch Level: 39
Release Status: release


Configuration Information of bash-4.3_p39 recompiled with debug information [Automatically generated by bashbug, of course]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -DCONF_VENDOR='unknown' -DLOCALEDIR='/home/stselikh/untars/bash-43-39/bash-4.3/root/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -g
uname output: Linux laptop 3.10.77-gentoo-stselikh #1 SMP PREEMPT Mon May 18 12:45:11 VLAT 2015 x86_64 Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz GenuineIntel GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.3
Patch Level: 39
Release Status: release



Description:
An incorrect conversion from indexed to associative array in bash script leads
bash interpreter to segfault (bash still gives a useful error report in this situation,
which is good).

As seen in the output of GDB, bash terminates in array_flush function:

Core was generated by `../untars/bash-43-39/bash-4.3/root/bin/bash -x repro'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000470879 in array_flush (a=0x19de728) at array.c:111
111             for (r = element_forw(a->head); r != a->head; ) {



Repeat-By:
The following script may be used to repeat the problem:

#!/bin/bash
aaa() {
    declare -g -a unique=()
}
bbb() {
    declare -g -A unique=()
}
aaa
bbb


When run with -x, it gives the following output:

+ aaa
+ unique=()            
+ declare -g -a unique
+ bbb
repro: line 8: bbb: unique: cannot convert indexed to associative array
+ unique=()
Segmentation fault (core dumped)


-- 
Sergey Tselikh <stselikh@gmail.com>