bug-bash

Vertical tab on commandline in UTF-8 mode crashes bash.


From: Serge van den Boom
Subject: Vertical tab on commandline in UTF-8 mode crashes bash.
Date: Wed, 21 Jun 2006 15:55:25 +0200 (CEST)

Configuration Information [Automatically generated, do not change]:
Machine: i386
OS: freebsd5.5
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i386' 
-DCONF_OSTYPE='freebsd5.5' -DCONF_MACHTYPE='i386-unknown-freebsd5.5' 
-DCONF_VENDOR='unknown' -DLOCALEDIR='/home/svdb/bashtemp/share/locale' 
-DPACKAGE='bash' -DSHELL  -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib 
-I./lib/intl -I/home/svdb/src/bash-3.1/lib/intl  -g -O0
uname output: FreeBSD frog.stack.nl 5.5-RELEASE-p1 FreeBSD 5.5-RELEASE-p1 #6: 
Mon Jun 12 18:16:16 CEST 2006     
jilles@snail.stack.nl:/usr/obj/usr/src/sys/FROG  i386
Machine Type: i386-unknown-freebsd5.5

Bash Version: 3.1
Patch Level: 0
Release Status: release

Description:
        When the LANG environment variable is set to a UTF-8 encoding,
        giving a command containing a vertical tab character will cause
        bash to race and eventually crash.
        This does not happen on all systems; I suspect this has something
        to do with the locale definitions. It worked on a FreeBSD 5.5 box.
        On closer investigation it appears the following is happening:
        parse.y line 2559:
                while ((character = shell_getc (1)) != EOF && whitespace (character))
        will stop at the vertical tab; whitespace() returns false for it.
        parse.y line 3594:
                if MBTEST(shellbreak (character))
        will see the vertical tab as a word break character; shellbreak()
        returns true for it. The result is that an empty string is taken
        as a word and no progress is made. And as for each found word
        memory is allocated,
        (parse.y line 3672 and onwards:
                the_word = (WORD_DESC *)xmalloc (sizeof (WORD_DESC));
                the_word->word = (char *)xmalloc (1 + token_index);
                strcpy (the_word->word, token);
        )
        eventually the process will run out of memory, and it will crash.

Repeat-By:
        On a FreeBSD system:
                env -i `which bash` --norc -c 'export LANG=en_GB.UTF-8; eval `printf \\\v`'
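
Added example, not part of the original report and not bash source: a minimal C model of the failure described above, in which the whitespace-skipping test and the word-break test disagree about the vertical tab. The predicates `skips` and `breaks`, the function `count_words`, its iteration cap, and the `force_progress` guard are all hypothetical names and assumptions made for illustration; the guard is one way to guarantee progress, not the fix bash adopted.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not bash's own macros: as in the
   report, the skip test rejects '\v' while the break test accepts it. */
static int skips(int c)  { return c == ' ' || c == '\t'; }
static int breaks(int c) { return c == ' ' || c == '\t' || c == '\v'; }

/* Count the words in s. Returns -1 if max_iters passes go by without
   reaching the end of input (the no-progress state from the report).
   With force_progress set, a break character that the skip loop left
   behind is consumed, so every pass advances. */
int count_words(const char *s, int force_progress, int max_iters)
{
    size_t i = 0;
    int words = 0;
    for (int iter = 0; iter < max_iters; iter++) {
        while (s[i] && skips(s[i]))     /* models the loop at parse.y:2559 */
            i++;
        if (!s[i])
            return words;
        size_t start = i;
        while (s[i] && !breaks(s[i]))   /* models the test at parse.y:3594 */
            i++;
        if (i > start)
            words++;                    /* a real, non-empty word */
        else if (force_progress)
            i++;                        /* drop the stray break character */
        /* else: zero-length word and i is unchanged; in the reported
           code path each such pass also allocates a WORD_DESC */
    }
    return -1;
}

int main(void)
{
    /* Constructed input: a word, a vertical tab, another word. */
    printf("unguarded: %d\n", count_words("echo\vhi", 0, 1000));
    printf("guarded:   %d\n", count_words("echo\vhi", 1, 1000));
    return 0;
}
```

The iteration cap stands in for the memory exhaustion in the report: without it the unguarded call would never return.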
        




