Re: Another out of bounds heap read in bash completion


From: Chet Ramey
Subject: Re: Another out of bounds heap read in bash completion
Date: Fri, 10 Jul 2015 15:34:02 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

On 7/10/15 2:38 PM, Hanno Böck wrote:
> Hi Chet,
> 
> On Fri, 10 Jul 2015 14:23:25 -0400
> Chet Ramey <chet.ramey@case.edu> wrote:
> 
>>> To reproduce:
>>> a) compile bash with CFLAGS="-fsanitize=address -g"
>>> b) type in a=/ a
>>> c) go back with the cursor behind the backslash and press tab
>>
>> Thanks for the report.  I've attached a patch that should address the
>> problem.  It's not in bash-4.4-alpha.
> 
> Can confirm the patch fixes the issue.
> 
> However in 4.4 alpha I still get an asan error. However the stack trace
> is different.
> 
> Here's the asan message on 4.4 alpha:
> ==5999==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000002d6f at pc 0x5ca2b8 bp 0x7fffc9d75240 sp 0x7fffc9d75230
> READ of size 1 at 0x602000002d6f thread T0
>     #0 0x5ca2b7 in printable_part /mnt/ram/bash-4.4-alpha/lib/readline/complete.c:738

I can't reproduce this on fedora 22.  If you can, please run this from
inside gdb and tell me what the values of `pathname', `x', `temp' are when
it crashes.  Thanks.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/


