[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Corrupted syntax error messages for null substring expansion in arithmet

From: Edward Catmur
Subject: Corrupted syntax error messages for null substring expansion in arithmetic expression
Date: Wed, 24 May 2006 07:28:19 +0100

Hm, that's a mouthful.

Running bash 3.1.17.

$ bash -c 'foo=""; (( ${foo:1} < 10 ))'
bash: Xl: < 10 : syntax error: operand expected (error token is "< 10 ")
The characters indicated by carets above differ from run to run
depending on memory usage. Obviously, this indicates that bash is
spewing the contents of freed memory.

The freed string being read into the error message is (global)
this_command_name (evalerror in expr.c). Putting a watch in gdb on
this_command_name indicates that the point it is freed is subst.c line

  /* If this is a substring spec, process it and add the result. */
  if (want_substring)
      temp1 = parameter_brace_substring (name, temp, value, quoted);
      FREE (name);
      FREE (value);
      FREE (temp);

On going into parameter_brace_substring(), parameter_brace_substring
assigns its first argument to this_command_name. When it is freed after
exit, this_command_name points to freed memory.

Simplest fix would probably be to have parameter_brace_substring assign
its return value to this_command_name before exit, to ensure that
this_command_name always points to valid memory.

Patch attached.

Ed Catmur

Attachment: parameter_brace_substring-valid-this_command_name.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]