bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

completing quoted strings ending in backslash crashes

From: neil
Subject: completing quoted strings ending in backslash crashes
Date: Fri, 09 Oct 2009 23:13:42 -0400 
Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' 
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' 
-DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -g -O2
uname output: Linux dirac.s-z.org 2.6.26-1-openvz-686 #1 SMP Wed Sep 10 
19:04:44 UTC 2008 i686 GNU/Linux
Machine Type: i686-pc-linux-gnu

Bash Version: 4.0
Patch Level: 33
Release Status: release

Description:
        Completing a (single- or double-) quoted string ending in a single
        backslash causes an assertion failure:
         malloc: unknown:0: assertion botched
         free: start and end chunk sizes differ
         last command: complete -r
         Aborting...Aborted (core dumped)

        The problem appears to be that, if the string ends in a backslash,
        bash_dequote_filename copies two NULs into the result buffer, which
        only has room for one.


Repeat-By:
        At an interactive prompt:
        $ complete -r
        $ echo 'foo\<TAB>

        The same occurs with  "foo\  and  'foo\\\  but not with  'foo\\ 
        or with unquoted foo\ .  'foo\\ does not fail because the NUL
        is not copied by the backslash-handling code; and  foo\  does
        not fail because there is room for both NULs (because the backslash
        is not copied).


Fix:
        The following patch fixes the problem by returning the result
        immediately, rather than breaking the loop and appending another
        NUL.  An alternative fix would be to decrement r before breaking
        so that the second NUL overwrites the first.

--- ../bash-4.0/bashline.c      2009-10-09 20:17:39.225856381 -0400
+++ bashline.c  2009-10-09 22:57:51.909908993 -0400
@@ -3225,7 +3225,7 @@
 
          *r++ = *++p;
          if (*p == '\0')
-           break;
+           return ret; /* Already NUL-terminated. */
          continue;
        }
       /* Close quote. */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]