Re: Bash 5.2.21 segfaults when I feed it garbage
From: Grisha Levit
Subject: Re: Bash 5.2.21 segfaults when I feed it garbage
Date: Wed, 10 Jan 2024 14:06:17 -0500

On Mon, Jan 8, 2024 at 4:41 PM Chet Ramey <chet.ramey@case.edu> wrote:
> I think there's a simpler
> way to fix it in parse_compound_assignment and parse_string_to_word_list
> directly, and that change will be in the next devel branch push.

Rewriting the original report as:

    bash <<<'((X=([))'

even after the last fix, there's still a similar issue with input like:

    bash <<<'((X=([))]'

=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0x000107f00cbc
at pc 0x000104b083ec bp 0x00016b3506e0 sp 0x00016b3506d8
READ of size 4 at 0x000107f00cbc thread T0
#0 0x104b083e8 in shell_getc parse.y:2712
#1 0x104b01908 in read_token parse.y:3516
#2 0x104ae47c0 in yylex parse.y:2995
0x000107f00cbc is located 60 bytes inside of 64-byte region
[0x000107f00c80,0x000107f00cc0)
freed by thread T0 here:
#0 0x105e1f380 in wrap_free+0x98
#1 0x104aec0f0 in pop_string parse.y:2042
#2 0x104b095d0 in shell_getc parse.y:2753
#3 0x104b15030 in read_token_word parse.y:5604
#4 0x104b047ec in read_token parse.y:3712
#5 0x104b28afc in parse_compound_assignment parse.y:6971
#6 0x104b13a28 in read_token_word parse.y:5543
#7 0x104b047ec in read_token parse.y:3712
#8 0x104ae47c0 in yylex parse.y:2995
previously allocated by thread T0 here:
#0 0x105e1f244 in wrap_malloc+0x94
#1 0x104ec5b40 in xmalloc xmalloc.c:107
#2 0x104aea90c in push_string parse.y:1981
#3 0x104b0cf58 in parse_dparen parse.y:4837
#4 0x104b02d50 in read_token parse.y:3635
#5 0x104ae47c0 in yylex parse.y:2995
SUMMARY: AddressSanitizer: heap-use-after-free parse.y:2712 in shell_getc