On Okt 04 2021, Chet Ramey wrote:
I suspect this is a buffer overflow introduced between systemd-247 and
systemd-249. It's not caught when building bash without the bash malloc
because the default libc malloc probably doesn't do the bounds checking
the bash malloc does, even without malloc debugging turned on.
Chet, thanks for you detailed analysis,
I've opened an issue to get some inputs from systemd's devs:
https://github.com/systemd/systemd/issues/20931
Le lun. 04 oct. 2021 22h44 +0200, Andreas Schwab a écrit :
If it's a buffer overflow, then valgrind should be able to catch it
(when bash is configured --without-bash-malloc). valgrind's bounds
checking is much more advanced than what a checking malloc can do.
Andreas, just to confirm that so far I'm unable to get a crash or error
when using --without-bash-malloc, even in valgrind (but I'm a newbie at
valgrind).