asan report in spname

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

asan report in spname

From:	Grisha Levit
Subject:	asan report in spname
Date:	Tue, 7 Mar 2023 12:12:00 -0500

happens when attempting spell-correct-word on an empty line

./bash --norc -in <<<$'\030s'

ERROR: AddressSanitizer: heap-buffer-overflow on address
0x000102e0d0d1 at pc 0x0001004ccf64 bp 0x00016fdf0e30 sp
0x00016fdf0e28
READ of size 1 at 0x000102e0d0d1 thread T0

    frame #5: 0x00000001004ccf64 bash`spname(oldname="", newname="")
at spell.c:78:8
    frame #6: 0x00000001004cde0c bash`dirspell(dirname="") at spell.c:195:11
    frame #7: 0x0000000100335a10
bash`bash_spell_correct_shellword(count=1, key=115) at
bashline.c:1348:16
    frame #8: 0x00000001004fe830 bash`_rl_dispatch_subseq(key=115,
map=0x00000001007e0360, got_subseq=0) at readline.c:922:8
    frame #9: 0x00000001005009dc bash`_rl_dispatch_subseq(key=24,
map=0x00000001007ddb20, got_subseq=0) at readline.c:1068:8
    frame #10: 0x00000001004fc434 bash`_rl_dispatch(key=24,
map=0x00000001007ddb20) at readline.c:866:10

(lldb) fr s 5
frame #5: 0x00000001004ccf64 bash`spname(oldname="", newname="") at spell.c:78:8
   75        if (*op == '\0')    /* Exact or corrected */
   76  {
   77    /* `.' is rarely the right thing. */
-> 78    if (oldname[1] == '\0' && newname[1] == '\0' &&
   79  oldname[0] != '.' && newname[0] == '.')
   80      return -1;
   81    return strcmp(oldname, newname) != 0;

(lldb) fr v oldname
(char *) oldname = 0x0000000102e0d0d0 ""

[Prev in Thread]

Current Thread

[Next in Thread]

asan report in spname, Grisha Levit <=
- Re: asan report in spname, Chet Ramey, 2023/03/14

Prev by Date: asan report in bash_add_history
Next by Date: asan report+fix in sh_mkdoublequoted
Previous by thread: asan report in bash_add_history
Next by thread: Re: asan report in spname
Index(es):
- Date
- Thread