fc -s ""="" "" segfaults in strsub()

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

fc -s ""="" "" segfaults in strsub()

From:	Timo Lindfors
Subject:	fc -s ""="" "" segfaults in strsub()
Date:	Mon, 03 Sep 2007 10:02:19 +0300
User-agent:	Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Configuration Information [Automatically generated, do not change]:
Machine: i486
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' 
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/
locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H   -I.  -I../bash 
-I../bash/include -I../bash/lib   -g -O2
uname output: Linux sauna 2.6.18-4-k7 #1 SMP Wed May 9 23:42:01 UTC 2007 i686 
GNU/Linux
Machine Type: i486-pc-linux-gnu

Bash Version: 3.1
Patch Level: 17
Release Status: release

Description:

Bash segfaults with the above command. GDB shows that the segfault
happens in strsub(). I noticed this problem when I ran the saturn
static analysis program ( http://saturn.stanford.edu/ ) against bash
source code and it reported

stringlib.c:173:red:Intraprocedural  Null error
stringlib.c:173:Possible NULL dereference of temp+templen

Repeat-By:

fc -s ""="" ""

Fix:

I don't know what the behavior of strsub() should be when both pat and
rep are empty strings. Maybe it should just exit without doing any
changes to the string?

[Prev in Thread]

Current Thread

[Next in Thread]

fc -s ""="" "" segfaults in strsub(), Timo Lindfors <=

Prev by Date: Re: Readline history and bash's read -e
Next by Date: Re: RFE: brace expansion sequences should do zero padding
Previous by thread: What am I missing?
Next by thread: Re: RFE: brace expansion sequences should do zero padding
Index(es):
- Date
- Thread