Integer overflow in command substitution

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Integer overflow in command substitution

From:	Siteshwar Vashisht
Subject:	Integer overflow in command substitution
Date:	Thu, 16 Nov 2017 06:50:59 -0500 (EST)

Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-redhat-linux-gnu' 
-DCONF_VENDOR='redhat' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL 
-DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib  -D_GNU_SOURCE -DRECYCLES_PIDS 
-DDEFAULT_PATH_VALUE='/usr/local/bin:/usr/bin'  -O2 -g -pipe -Wall 
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches 
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic 
-Wno-parentheses -Wno-format-security
uname output: Linux localhost.localdomain 4.13.12-200.fc26.x86_64 #1 SMP Wed 
Nov 8 16:47:26 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-redhat-linux-gnu

Bash Version: 4.4
Patch Level: 12
Release Status: release

Repeat-By:
        $ bash -c 'true $(yes xxxxxxxxxxxxxxxx)'
        bash: xrealloc: cannot allocate 18446744071562067968 bytes

Fix:
        Attached patch fixes this issue.

-- 
--
Siteshwar Vashisht

0001-Avoid-integer-overflow-while-allocating-memory-in-re.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

Integer overflow in command substitution, Siteshwar Vashisht <=
- Re: Integer overflow in command substitution, Eduardo A . Bustamante López, 2017/11/16

Prev by Date: Re: command substitution inside parameter expansion inside "for ((;;))"
Next by Date: Re: Integer overflow in command substitution
Previous by thread: $"\t': Bash bug or not?
Next by thread: Re: Integer overflow in command substitution
Index(es):
- Date
- Thread