[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bash shell parser bug

From: laura fairhead
Subject: bash shell parser bug
Date: Thu, 16 Mar 2006 00:55:27 +0000 (GMT)


I just found a bug that affects a number of shells
(pressumably the
code there is from the same roots) in the parser.

The following code;

l='eval "$l"'
eval "$l"

Which sets off an infinite recursion on 'eval', should
result in an 
infinite loop to be terminated by INT (doesnt' work)
or at least
end gracefully with an error "bash: out of memory".
Instead the
system has to kill the shell process because of SEGV

I'm not familiar with bash internals but it looks to
me like
some sort of heap overflow problem.

I traced the system calls using 'strace' and it is
extending the
data area with brk() by 4k a time until finally,
pressumaby it
just doesn't check the error from brk() not finding
anymroe memory.


To help you stay safe and secure online, we've developed the all new Yahoo! 
Security Centre. http://uk.security.yahoo.com

reply via email to

[Prev in Thread] Current Thread [Next in Thread]