bug-bash

undo list free crash


From: Grisha Levit
Subject: undo list free crash
Date: Tue, 28 Feb 2023 17:17:53 -0500

After the changes in
https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=9e3495c9,
I sometimes get segfaults when performing a bunch of history
navigations followed by ^C.

Small reproducer from some input fuzzing and debugger output below.


cat >/tmp/hist <<'EOF'
X
XX
EOF

cat >/tmp/brc <<'EOF'
bind -x '"\eI": kill -INT 0'
EOF

cat >/tmp/irc <<'EOF'
"\e[A": history-search-backward
set history-preserve-point on
set revert-all-at-newline on
EOF

HISTFILE=/tmp/hist INPUTRC=/tmp/irc "$BASH" --rcfile /tmp/brc -i < <(
    printf 'XX'
    printf '\e[D\e[D\e[C\e[B\e[D\e[A\e[D\e[A\e[B\e[C\e[D\e[A\e[D\e[A'
    printf '\eI'
)


* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x3567a068f1b8)
    frame #0: 0x00000001045ce170 bash`rl_do_undo at undo.c:186:25
   183
   184       /* To better support vi-mode, a start or end value of -1 means
   185 rl_point, and a value of -2 means rl_end. */
-> 186       if (rl_undo_list->what == UNDO_DELETE || rl_undo_list->what == UNDO_INSERT)
   187 {
   188   start = TRANS (rl_undo_list->start);
   189   end = TRANS (rl_undo_list->end);
Target 0: (bash) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x3567a068f1b8)
  * frame #0: 0x00000001045ce170 bash`rl_do_undo at undo.c:186:25
    frame #1: 0x00000001045d82f0 bash`_rl_revert_previous_lines at misc.c:468:6
    frame #2: 0x00000001045d83a4 bash`_rl_revert_all_lines at misc.c:498:3
    frame #3: 0x00000001045a47bc bash`readline_internal_teardown(eof=1) at readline.c:507:5
    frame #4: 0x00000001045a4468 bash`readline_internal at readline.c:740:11
    frame #5: 0x00000001045a4320 bash`readline(prompt="bash-5.2$ ") at readline.c:387:11
    frame #6: 0x00000001044bf6b0 bash`yy_readline_get at parse.y:1564:31
    frame #7: 0x00000001044c58f0 bash`yy_getc at parse.y:1501:10
    frame #8: 0x00000001044c6290 bash`shell_getc(remove_quoted_newline=1) at parse.y:2396:8
    frame #9: 0x00000001044c4b48 bash`read_token(command=0) at parse.y:3436:23


