bug-bash

Bash parser segmentation fault


From: Eduardo Bustamante
Subject: Bash parser segmentation fault
Date: Wed, 3 May 2017 09:40:57 -0500

dualbus@debian:~/src/gnu/bash$ cat -v ~/segfault
0 i[$($(0(){a[$(($(0)))}>))

dualbus@debian:~/src/gnu/bash$ xxd ~/segfault
00000000: 3020 695b 2428 2428 3028 297b 615b 2428  0 i[$($(0(){a[$(
00000010: 2824 2830 2929 297d 3e29 29              ($(0)))}>))


dualbus@debian:~/src/gnu/bash$ ./bash -n ~/segfault
ASAN:DEADLYSIGNAL
=================================================================
==7547==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffa6e73f504 bp 0x7ffe0950b220 sp 0x7ffe0950a9a8 T0)
    #0 0x7ffa6e73f503 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80503)
    #1 0x7ffa6eec6eec  (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
    #2 0x56448beffd70 in error_token_from_token parse.y:6009
    #3 0x56448bf004bc in report_syntax_error parse.y:6109
    #4 0x56448beffc59 in yyerror parse.y:5985
    #5 0x56448beebe2b in yyparse /home/dualbus/src/gnu/bash/y.tab.c:3401
    #6 0x56448bee3db2 in parse_command /home/dualbus/src/gnu/bash/eval.c:294
    #7 0x56448bffef1e in parse_string /home/dualbus/src/gnu/bash/builtins/evalstring.c:563
    #8 0x56448bef7695 in xparse_dolparen parse.y:4298
    #9 0x56448bf61d02 in extract_command_subst /home/dualbus/src/gnu/bash/subst.c:1239
    #10 0x56448bf62d72 in extract_delimited_string /home/dualbus/src/gnu/bash/subst.c:1383
    #11 0x56448bf658ff in skip_matched_pair /home/dualbus/src/gnu/bash/subst.c:1793
    #12 0x56448bf65cfe in skipsubscript /home/dualbus/src/gnu/bash/subst.c:1818
    #13 0x56448bf03be1 in assignment /home/dualbus/src/gnu/bash/general.c:382
    #14 0x56448befc714 in read_token_word parse.y:5181
    #15 0x56448bef222a in read_token parse.y:3330
    #16 0x56448beefea3 in yylex parse.y:2675
    #17 0x56448bee4be1 in yyparse /home/dualbus/src/gnu/bash/y.tab.c:1827
    #18 0x56448bee3db2 in parse_command /home/dualbus/src/gnu/bash/eval.c:294
    #19 0x56448bee4007 in read_command /home/dualbus/src/gnu/bash/eval.c:338
    #20 0x56448bee3243 in reader_loop /home/dualbus/src/gnu/bash/eval.c:140
    #21 0x56448bede9ed in main /home/dualbus/src/gnu/bash/shell.c:794
    #22 0x7ffa6e6df2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #23 0x56448bedd5e9 in _start (/home/dualbus/src/gnu/bash/bash+0x7f5e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x80503) in strlen
==7547==ABORTING



(gdb) r -n ~/segfault
Starting program: /home/dualbus/src/gnu/bash/bash -n ~/segfault

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:137
137     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:137
#1  0x0000555555592450 in error_token_from_token (tok=281) at ./parse.y:6009
#2  0x00005555555927d5 in report_syntax_error (message=0x0) at ./parse.y:6109
#3  0x0000555555592379 in yyerror (msg=0x5555556589da "syntax error") at ./parse.y:5985
#4  0x0000555555588151 in yyparse () at y.tab.c:3401
#5  0x0000555555584c74 in parse_command () at eval.c:294
#6  0x00005555555fe53a in parse_string (string=0x5555558b5f46 "0(){a[$(($(0)))}>))",
    from_file=0x555555658f43 "command substitution", flags=77, endp=0x7fffffffcf58) at evalstring.c:563
#7  0x000055555558dd91 in xparse_dolparen (base=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))",
    string=0x5555558b5f46 "0(){a[$(($(0)))}>))", indp=0x7fffffffd150, flags=73) at ./parse.y:4298
#8  0x00005555555bbfe7 in extract_command_subst (string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))", sindex=0x7fffffffd150, xflags=73)
    at subst.c:1239
#9  0x00005555555bc713 in extract_delimited_string (string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))", sindex=0x7fffffffd214,
    opener=0x55555565ba0f "$(", alt_opener=0x55555565ba0d "(", closer=0x55555565ba0b ")", flags=9) at subst.c:1383
#10 0x00005555555bdaa7 in skip_matched_pair (string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))", start=1, open=91, close=93, flags=0)
    at subst.c:1793
#11 0x00005555555bdc5d in skipsubscript (string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))", start=1, flags=0) at subst.c:1818
#12 0x0000555555593d5a in assignment (string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))", flags=0) at general.c:382
#13 0x0000555555590939 in read_token_word (character=10) at ./parse.y:5181
#14 0x000055555558b1b4 in read_token (command=0) at ./parse.y:3330
#15 0x0000555555589eca in yylex () at ./parse.y:2675
#16 0x000055555558532a in yyparse () at y.tab.c:1827
#17 0x0000555555584c74 in parse_command () at eval.c:294
#18 0x0000555555584d5a in read_command () at eval.c:338
#19 0x00005555555848cb in reader_loop () at eval.c:140
#20 0x0000555555582617 in main (argc=3, argv=0x7fffffffe478, env=0x7fffffffe498) at shell.c:794


