bash 2.05b Segmentation Fault

From: Gerardo Pozzi
Subject: bash 2.05b Segmentation Fault
Date: Tue, 11 Mar 2003 16:14:06 -0300 (ART)

address@hidden:~$ bash --version
GNU bash, version 2.05b.0(1)-release
Copyright (C) 2002 Free Software Foundation, Inc.
Compiler used gcc 3.2
CFLAGS="-O2 -march=i386 -mcpu=i686" ./configure
Applied patches:
Patch-ID: bash205b-001
Patch-ID: bash205b-002
Patch-ID: bash205b-003
Patch-ID: bash205b-004
To reproduce the problem is simple: create a minimum .bash_history (or other bash_history file, it is the same) like this:

address@hidden:~$ cat bash_history_bug
and the hexdump is:

address@hidden:~$ hexdump -C bash_history_bug
00000000 f1 73 0a 6c 73 0a |.s.ls.|
ok, let's go execute bash with the history file (the same problem with the default file, this is an example)

address@hidden:~$ HISTFILE=bash_history_bug bash

ok now press the up-arrow, one time, the result is:

address@hidden:~$ ls

and press up-arrow again, CRASH.

address@hidden:~$ lsSegmentation fault

ok now debug of the problem with gdb:

address@hidden:~$ gdb bash
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General
Public License, and
you are
welcome to change it and/or distribute copies of it
under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show
warranty" for
This GDB was configured as
"i386-slackware-linux"...(no debugging
symbols found)...
(gdb) set env HISTFILE=bash_history_bug
(gdb) run
Starting program: /bin/bash
bash-2.05b$ ls(no debugging symbols found)...(no
debugging symbols
found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x080bd3b6 in _rl_get_char_len ()
(gdb) bt
#0 0x080bd3b6 in _rl_get_char_len ()
#1 0x080bd443 in _rl_compare_chars ()
#2 0x080b3cf2 in rl_redisplay ()
#3 0x080b272a in rl_redisplay ()
#4 0x080a86ad in readline_internal_char ()
#5 0x080a8785 in readline_internal_char ()
#6 0x080a87b0 in readline_internal_char ()
#7 0x080a835a in readline ()
#8 0x0805dea5 in yy_input_name ()
#9 0x0805de1c in yy_input_name ()
#10 0x0805e7d5 in read_secondary_line ()
#11 0x0805f34c in reset_parser ()
#12 0x0805eda4 in execute_prompt_command ()
#13 0x0805dcd3 in yyparse ()
#14 0x0805cbe4 in parse_command ()
#15 0x0805cc5f in read_command ()
#16 0x0805c989 in reader_loop ()
#17 0x0805ad9b in main ()
#18 0x40045bb4 in __libc_start_main () from

the old bash does not crash and shows the next line of history (ñs) without any problem.

Gerardo Exequiel Pozzi ( Dj Gera )
(Sorry My English)
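
As an added example (not part of the original post, and not bash or readline code): a bounds-checked scan that reports the first history line containing bytes that are not valid UTF-8, run over the six bytes from the hexdump above, where 0xf1 is "ñ" in ISO-8859-1 but an incomplete lead byte in UTF-8. It assumes a UTF-8 locale, which the report does not state; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes copied from the hexdump in the report: 0xf1 's' '\n' 'l' 's' '\n'. */
static const unsigned char SAMPLE[] = { 0xf1, 0x73, 0x0a, 0x6c, 0x73, 0x0a };

/* Length of the UTF-8 character at s[0..n), or 0 if the bytes are invalid
   or truncated. Never reads at or beyond s + n. */
static size_t utf8_char_len(const unsigned char *s, size_t n)
{
    size_t need, i;
    if (n == 0) return 0;
    if (s[0] < 0x80) return 1;                           /* ASCII */
    else if (s[0] >= 0xc2 && s[0] <= 0xdf) need = 2;
    else if (s[0] >= 0xe0 && s[0] <= 0xef) need = 3;
    else if (s[0] >= 0xf0 && s[0] <= 0xf4) need = 4;
    else return 0;               /* stray continuation or invalid lead byte */
    if (need > n) return 0;      /* sequence runs off the end of the buffer */
    if ((s[0] == 0xe0 && s[1] < 0xa0) || (s[0] == 0xed && s[1] > 0x9f) ||
        (s[0] == 0xf0 && s[1] < 0x90) || (s[0] == 0xf4 && s[1] > 0x8f))
        return 0;                /* overlong, surrogate, or > U+10FFFF */
    for (i = 1; i < need; i++)
        if ((s[i] & 0xc0) != 0x80) return 0;   /* not a continuation byte */
    return need;
}

/* Hypothetical helper: 1-based number of the first line that holds bytes
   which are not valid UTF-8, or 0 if the whole buffer is clean. */
size_t first_bad_history_line(const unsigned char *buf, size_t n)
{
    size_t pos = 0, line = 1;
    while (pos < n) {
        size_t len = utf8_char_len(buf + pos, n - pos);
        if (len == 0) return line;
        if (buf[pos] == '\n') line++;
        pos += len;              /* len >= 1, so the scan always advances */
    }
    return 0;
}

int main(void)
{
    size_t bad = first_bad_history_line(SAMPLE, sizeof SAMPLE);
    if (bad) printf("line %lu is not valid UTF-8\n", (unsigned long)bad);
    else     printf("history bytes are valid UTF-8\n");
    return 0;
}
```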

