Re: Segfault on recursive trap/kill
From: Mike Gerwitz
Subject: Re: Segfault on recursive trap/kill
Date: Sat, 06 Oct 2018 19:53:25 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

On Sat, Oct 06, 2018 at 12:33:22 -0400, Chet Ramey wrote:
> On 10/5/18 9:33 PM, Mike Gerwitz wrote:
>> The following code will cause a segfault on bash-4.4.19(1) on
>> GNU Guix. I reproduced the issue on an old Ubuntu 14.04 LTS running
>> bash-4.3.11(1) as well as a Trisquel system running the same version.
>>
>> bash -c 'trap "kill 0" TERM; kill 0'
>>
>> Also segfaults when replacing `0' with `$$', and presumably in any other
>> situation that would trigger the trap recursively.
>
> Yes. Bash has allowed recursive trap handlers since early 2014 (pre-4.3)
> due to requests for the feature and compatibility with other shells that
> allow it.
>
> If you manage to create infinite recursion, bash won't stop you.

Sure, I agree that the feature is useful, but are you saying that
terminating with a segfault is the intended behavior for runaway
recursion? Upon further inspection, it does look like
`foo() { foo; }; foo' also causes a segfault, so the behavior is
consistent with trap recursion.

As long as there is no exploitable flaw here, then I suppose this isn't
a problem; it's just that most users assume that a segfault represents a
problem with the program (unless they're dealing with their own memory
management). I haven't inspected the code to see if this is an access
violation or if Bash is intentionally signaling SIGSEGV.

In any case, thanks for the reply.

--
Mike Gerwitz
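
One way to keep a re-raising TERM handler like the one in this thread from recursing, as an added example that is not part of the original message or of bash: the handler restores the default action before signalling again. `GUARDED_SCRIPT`, `on_term` and `run_guarded` are hypothetical names, and the script text is constructed sample input run in a child shell so the signal only reaches that child.

```shell
#!/bin/sh
# Constructed sample script, executed in a child shell by run_guarded below.
GUARDED_SCRIPT='
on_term() {
    trap - TERM          # restore the default action first: no re-entry
    echo "cleanup ran"   # placeholder for real cleanup work
    kill -TERM "$$"      # re-raise; the default action now ends the shell
}
trap on_term TERM
kill -TERM "$$"          # first signal: runs on_term exactly once
echo "not reached"
'

# Run the sample script in a child shell and report "<exit status> <output>".
# A shell killed by SIGTERM (signal 15) is reported as 128 + 15 = 143.
run_guarded() {
    status=0
    out=$(sh -c "$GUARDED_SCRIPT" 2>/dev/null) || status=$?
    printf '%s %s\n' "$status" "$out"
}

run_guarded
```

A status of 143 shows the child ended through the default SIGTERM action after a single handler run, rather than crashing with SIGSEGV (139) from unbounded re-entry.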