Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #11364
| Path | csiph.com!optima2.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Dan Douglas <ormaaj@gmail.com> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: Integer Overflow in braces |
| Date | Tue, 18 Aug 2015 08:12:39 -0500 |
| Lines | 33 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.8517.1439903573.904.bug-bash@gnu.org> (permalink) |
| References | <CABq52TYThGj9OtBn3xTti5scmA=WdnS7ULw3G6GMayPK6WR0+w@mail.gmail.com> <5768562.ErHXazUaoC@smorgbox> <20150818130433.GF4309@eeg.ccf.org> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Content-Transfer-Encoding | 7Bit |
| X-Trace | usenet.stanford.edu 1439903573 9736 208.118.235.17 (18 Aug 2015 13:12:53 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | Greg Wooledge <wooledg@eeg.ccf.org>, Pasha K <pashakravtsov@gmail.com> |
| To | bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:user-agent:in-reply-to :references:mime-version:content-transfer-encoding:content-type; bh=0y2aUqke1dXdybtH7ewyzeZvsYEAtrOkkAm7g3v7A9U=; b=QEqBTl9Edf9vDIh5IYW6fDP5QlfX8ZIsIrIB4EtSecUr+Zi6ei6FIk5uRPyX1pq1vh 2oF9iAkRfXxYKWMj1Q6jvc6uE493bBEVe2rGQ8BYDu4Dz4nhqew0OxPg2qREzNrJ/nJm 8W75yGJM1iJObh9RltVe3JYMM9ZS8wSVVAjUtx/t3NX3T1k2UBOLIiL52VtvARNjO9Zo JyY7Ge9NCF52AUIC0eaVitgqKJhnqpLFT9sj4KEG4MNSk+u0WMhQ3+gj6uJ1N0WR+Q03 RcGlAaCWudClmyVQd2rcHbNpAGC40MybBzNJQR62ZmsoqaNnycWXX1pQCyBHCzhsj5H8 gXoA== |
| X-Received | by 10.107.138.216 with SMTP id c85mr6743762ioj.187.1439903561143; Tue, 18 Aug 2015 06:12:41 -0700 (PDT) |
| User-Agent | KMail/5.0.41 alpha1 (Linux/4.2.0-rc7; KDE/5.14.0; x86_64; ; ) |
| In-Reply-To | <20150818130433.GF4309@eeg.ccf.org> |
| X-detected-operating-system | by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). |
| X-Received-From | 2607:f8b0:4001:c06::229 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:11364 |
Show key headers only | View raw
On Tuesday, August 18, 2015 09:04:33 AM Greg Wooledge wrote:
> On Tue, Aug 18, 2015 at 07:54:48AM -0500, Dan Douglas wrote:
> > IMHO the issue of whether the integer is allowed to overflow is separate
from
> > the question of whether the resulting expansion is "too big". Code that
does
> > an `eval "blah{0..$n}"` is reasonably common and not necessarily stupid.
>
> Yes, that's fine. But I don't actually understand what kind of overflow
> Pasha K was actually trying to test for. He/she mentioned "nelem", which
> only appears in two places in the bash source code: once in indexed
> arrays, and once in associative arrays. But there were no arrays in
> the script being executed.
>
> {0..9999999999999999} should produce an error because it runs out of
> memory. So I would expect to see a malloc failure, or something similar.
> If Pasha is saying that an integer overflow occurs before the malloc
> failure, then that may or may not be interesting to Chet. If it crashes
> bash, then it's not interesting to me, because the inevitable malloc
> failure would have crashed it if the overflow didn't. It only becomes
> interesting to me if the integer overflow causes some weird behavior to
> happen BEFORE bash crashes.
>
Actually I think I spoke too soon. There's already some considerable logic in
braces.c to check for overflow (e.g. around braces.c:390 shortly after
declaration of the int). Looks like there were some changes in this code last
year to "beef it up" a bit. (see commit
67440bc5959a639359bf1dd7d655915bf6e9e7f1). I suspect this is probably fixed in
devel.
--
Dan Douglas
Back to gnu.bash.bug | Previous | Next | Find similar
Re: Integer Overflow in braces Dan Douglas <ormaaj@gmail.com> - 2015-08-18 08:12 -0500
csiph-web