completing quoted strings ending in backslash crashes

From: neil
Subject: completing quoted strings ending in backslash crashes
Date: Fri, 09 Oct 2009 23:13:42 -0400

Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' 
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' 
-DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -g -O2
uname output: Linux dirac.s-z.org 2.6.26-1-openvz-686 #1 SMP Wed Sep 10 
19:04:44 UTC 2008 i686 GNU/Linux
Machine Type: i686-pc-linux-gnu

Bash Version: 4.0
Patch Level: 33
Release Status: release

        Completing a (single- or double-) quoted string ending in a single
        backslash causes an assertion failure:
         malloc: unknown:0: assertion botched
         free: start and end chunk sizes differ
         last command: complete -r
         Aborting...Aborted (core dumped)

        The problem appears to be that, if the string ends in a backslash,
        bash_dequote_filename copies two NULs into the result buffer, which
        only has room for one.

        At an interactive prompt:
        $ complete -r
        $ echo 'foo\<TAB>

        The same occurs with  "foo\  and  'foo\\\  but not with  'foo\\ 
        or with unquoted foo\ .  'foo\\ does not fail because the NUL
        is not copied by the backslash-handling code; and  foo\  does
        not fail because there is room for both NULs (because the backslash
        is not copied).

        The following patch fixes the problem by returning the result
        immediately, rather than breaking the loop and appending another
        NUL.  An alternative fix would be to decrement r before breaking
        so that the second NUL overwrites the first.

--- ../bash-4.0/bashline.c      2009-10-09 20:17:39.225856381 -0400
+++ bashline.c  2009-10-09 22:57:51.909908993 -0400
@@ -3225,7 +3225,7 @@
          *r++ = *++p;
          if (*p == '\0')
-           break;
+           return ret; /* Already NUL-terminated. */
       /* Close quote. */
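Review bot: the `return ret;` under `if (*p == '\0')` adds a second exit from inside the loop, so anything that runs after the loop other than the final NUL store is skipped on this path. The context shown here does not include the loop tail, so please confirm that nothing else happens there. The alternative named in the report, decrementing `r` before the `break`, keeps a single exit and a single terminating store, which is easier to keep correct if the tail changes later. If the early return stays, the comment could say that the preceding `*r++ = *++p;` is what stored the terminator.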

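The overflow described in the report above, as an added example that is not part of the original message and is not bash's code: a simplified C model of the dequoting loop that counts stores against a result buffer of strlen(text)+1 bytes, for the original `break` and for the patched early return. The function names, the `patched` flag, the double-quote escape set and the extra scratch byte are assumptions of the model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the loop as the report describes it (not bash's source). Returns
   the number of bytes stored into a result meant to hold strlen(text)+1. */
static size_t dequote_stores(const char *text, int quote_char, int patched)
{
    size_t l = strlen(text), n;
    char *ret = malloc(l + 2), *r = ret;  /* 1 byte of slack keeps the model in bounds */
    int quoted = quote_char;
    if (ret == NULL) return 0;
    for (const char *p = text; *p; p++) {
        if (*p == '\\') {
            /* Assumption: kept in '...', and in "..." unless escaping $ ` " or backslash */
            if (quoted == '\'' ||
                (quoted == '"' && (p[1] == '\0' || !strchr("$`\"\\", p[1]))))
                *r++ = *p;
            *r++ = *++p;            /* stores the NUL when text ends in a backslash */
            if (*p == '\0' && patched) goto done;  /* patch: already terminated */
            if (*p == '\0') break;                 /* original: second NUL below */
            continue;
        }
        if (quoted && *p == quoted) { quoted = 0; continue; }
        if (!quoted && (*p == '\'' || *p == '"')) { quoted = *p; continue; }
        *r++ = *p;
    }
    *r++ = '\0';
done:
    n = (size_t)(r - ret);
    free(ret);
    return n;
}

/* 1 when the stores exceed the strlen(text)+1 allocation. */
static int overflows(const char *text, int quote_char, int patched)
{
    return dequote_stores(text, quote_char, patched) > strlen(text) + 1;
}

int main(void)
{
    /* Constructed inputs from the report: the word after the opening quote. */
    const char *t[] = { "foo\\", "foo\\", "foo\\\\\\", "foo\\\\", "foo\\" };
    const int q[] = { '\'', '"', '\'', '\'', 0 };
    for (int i = 0; i < 5; i++)
        printf("%-7s quote=%c original=%d patched=%d\n", t[i], q[i] ? q[i] : '-',
               overflows(t[i], q[i], 0), overflows(t[i], q[i], 1));
}
```

Only the three quoted inputs that end in an odd number of backslashes store one byte too many with the original `break`; with the early return every case fits.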