From: Chet Ramey
Newsgroups: gnu.bash.bug
Subject: Re: bash-4.3_p39 Segfaults in array_flush at array.c:111 after incorrect conversion from indexed to associative array
Date: Tue, 18 Aug 2015 10:23:50 -0400
References: <20150816110235.91f3e12e3f20d20cdaad963e@gmail.com>
In-Reply-To: <20150816110235.91f3e12e3f20d20cdaad963e@gmail.com>
Reply-To: chet.ramey@case.edu
To: Sergey Tselikh, bug-bash@gnu.org
Cc: chet.ramey@case.edu

On 8/15/15 9:02 PM, Sergey Tselikh wrote:

> Description:
> An incorrect conversion from indexed to associative array in bash script leads
> bash interpreter to segfault (bash still gives a useful error report in this situation,
> which is good).
>
> As seen in the output of GDB, bash terminates in array_flush function:
>
> Core was generated by `../untars/bash-43-39/bash-4.3/root/bin/bash -x repro'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x0000000000470879 in array_flush (a=0x19de728) at array.c:111
> 111 for (r = element_forw(a->head); r != a->head; ) {

Thanks for the report. The problem was incomplete error propagation. It
will be fixed for the next release of bash. I've attached a patch for
folks to experiment with; your line numbers will vary wildly.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/

[Attachment: array-convert-segfault.patch (application/x-patch)]