[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bash shell parser bug
From: |
laura fairhead |
Subject: |
bash shell parser bug |
Date: |
Thu, 16 Mar 2006 20:28:28 -0800 (PST) |
Hello,
I just found a bug that affects a number of shells (pressumably the
code there is from the same roots) in the parser.
The following code;
l='eval "$l"'
eval "$l"
Which sets off an infinite recursion on 'eval', should result in an
infinite loop to be terminated by INT (doesnt' work) or at least
end gracefully with an error "bash: out of memory". Instead the
system has to kill the shell process because of SEGV fault.
I'm not familiar with bash internals but it looks to me like
some sort of heap overflow problem.
I traced the system calls using 'strace' and it is extending the
data area with brk() by 4k a time until finally, pressumaby it
just doesn't check the error from brk() not finding anymroe memory.
bestwishes
laura
--
View this message in context:
http://www.nabble.com/bash-shell-parser-bug-t1295794.html#a3450069
Sent from the Gnu - Bash forum at Nabble.com.
- bash shell parser bug,
laura fairhead <=