Re: global-buffer-overflow in parse.y

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: global-buffer-overflow in parse.y

From:	Chet Ramey
Subject:	Re: global-buffer-overflow in parse.y
Date:	Mon, 6 Mar 2023 09:16:12 -0500
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.8.0

On 3/3/23 2:22 AM, Grisha Levit wrote:

$ ./bash -c 'case x in x) if ((1)); then :; fi ;; esac'
parse.y:974:82: runtime error: index -1 out of bounds for type 'int[257]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior parse.y:974:82 in
=================================================================
==52960==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 4 at 0x000100cf26dc thread T0
     #0 0x1004b63c8 in yyparse parse.y:974


Thanks for the report. It's the specific combination of `if' and the `(('
command that causes the problem.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

global-buffer-overflow in parse.y, Grisha Levit, 2023/03/03
- Re: global-buffer-overflow in parse.y, Chet Ramey <=
  - Re: global-buffer-overflow in parse.y, Grisha Levit, 2023/03/16
    - Re: global-buffer-overflow in parse.y, Chet Ramey, 2023/03/17

Prev by Date: Re: Vulnerability Report(UI Redressing)
Next by Date: asan report in bash_add_history
Previous by thread: global-buffer-overflow in parse.y
Next by thread: Re: global-buffer-overflow in parse.y
Index(es):
- Date
- Thread