Re: bash core dumps doing glob pattern on long string

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash core dumps doing glob pattern on long string

From:	Chet Ramey
Subject:	Re: bash core dumps doing glob pattern on long string
Date:	Mon, 10 Oct 2022 10:30:09 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.3.1

On 10/9/22 4:07 AM, Phi Debian wrote:

I was looking at a bug on ksh93 that is
"core dumps doing glob pattern on long string" and it happen that bash
suffer the same.

$ [[ $(printf '%0100000d' 0) == +(0) ]]

I see 3 way of fixing this

1)  [[ string == pattern ]] is for glob pattern, so string should be
limited to PATH_MAX, so an upfront string length on string could prevent to
call the glob pattern recursive functions, and then avoid the core dump.


This isn't a valid assumption -- the conditional command is not solely for
filename matching, as this example shows -- so not a good general solution.
In fact, PATH_MAX shouldn't be considered at all.

2) Since some may have abused the glob pattern with long string bigger then
PATH_MAX but smaller than core dump, imposing a PATH_MAX limit may break
some wrong scripts, so instead we could have a fix recursion deep level, as
we do have for shell functions calling,  this hopefully should allow  wrong
doing script with abused string length to continue to run, yet avoiding
core dump when reaching the limit, i.e break the call path.

3) Implement a stack deep check in the recursion, when getting close to the
end of stack break the function trail (like function too deep for recursive
functions).


These are the same thing. You'd have to have a user-settable glob recursion
limit, which is something that few people would understand and even fewer
would set, since there's no good portable way to find how close you are to
exceeding your stack size resource limit without exceeding it, and a simple
string length check is not necessarily going to catch all cases. For
instance,

v=$(printf  '%0100000d' 0)
[[ $v == +($v) ]]

will run (slowly) to successful completion without exceeding any stack
limit.

So the problem becomes finding the appropriate recursion limit.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/09
- Re: bash core dumps doing glob pattern on long string, Oğuz, 2022/10/09
  - Re: bash core dumps doing glob pattern on long string, Koichi Murase, 2022/10/09
    - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/09
- Re: bash core dumps doing glob pattern on long string, Chet Ramey <=
  - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/10
    - Re: bash core dumps doing glob pattern on long string, Chet Ramey, 2022/10/10
    - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/11
    - Re: bash core dumps doing glob pattern on long string, Chet Ramey, 2022/10/11
- Re: bash core dumps doing glob pattern on long string, Martin D Kealey, 2022/10/11
  - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/11
    - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/11
    - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/11
    - Re: bash core dumps doing glob pattern on long string, Martin D Kealey, 2022/10/11
    - Re: bash core dumps doing glob pattern on long string, Phi Debian, 2022/10/11

Prev by Date: Re: [PATCH] Fix foreground dead jobs in trap handlers reported like background ones in `jobs'
Next by Date: Re: New instances of Bash should ignore and reset BASH_ARGV0
Previous by thread: Re: bash core dumps doing glob pattern on long string
Next by thread: Re: bash core dumps doing glob pattern on long string
Index(es):
- Date
- Thread