Probable internal memory allocator bug
From: Patrick Marlier
Subject: Probable internal memory allocator bug
Date: Thu, 31 Jan 2013 15:28:55 +0100

Here is a testcase that makes bash crash in many different ways (segfault,
invalid commands, ...). Note that you may need to run it a few times
to make it crash.

    # Enable child monitor
    set -m

    function child_exited() {
        # allocating memory
        v="Child exited with $?"
        vv=($(ls))
    }
    trap 'child_exited' CHLD

    for cfile in $(seq 1 1000)
    do
        # just to show the progress...
        echo -n "."
        # allocating memory
        temp=($(ls))
        # spawning a child
        /bin/true 1>/dev/null &
    done

    echo "Waiting all processes to finish"
    wait

After tracing the code a bit, the problem seems to be a race condition in
the internal memory allocation (lib/malloc) due to the trap.

As Chet Ramey mentioned a few days ago, I guess the next release of bash with
the rework on signal handlers and traps will fix this, but I think it is a
good time to have a testcase before the next release.

Tested on different Linux distributions (Gentoo/Ubuntu), different Intel CPUs
(x86_64/i686) and with different bash versions (4.2.37/4.2.42). Funny fact:
I was not able to reproduce with an AMD CPU.

Thanks.
--
Patrick Marlier