bug-bash


From: Edward Catmur
Subject: Corrupted syntax error messages for null substring expansion in arithmetic expression
Date: Wed, 24 May 2006 07:28:19 +0100

Hm, that's a mouthful.

Running bash 3.1.17.

$ bash -c 'foo=""; (( ${foo:1} < 10 ))'
bash: Xl: < 10 : syntax error: operand expected (error token is "< 10 ")
      ^^^
The characters indicated by carets above differ from run to run
depending on memory usage. Obviously, this indicates that bash is
spewing the contents of freed memory.

The freed string being read into the error message is (global)
this_command_name (evalerror in expr.c). Putting a watch in gdb on
this_command_name indicates that the point it is freed is subst.c line
6047:

  /* If this is a substring spec, process it and add the result. */
  if (want_substring)
    {
      temp1 = parameter_brace_substring (name, temp, value, quoted);
      FREE (name);
      FREE (value);
      FREE (temp);

On going into parameter_brace_substring(), parameter_brace_substring
assigns its first argument to this_command_name. When it is freed after
exit, this_command_name points to freed memory.

Simplest fix would probably be to have parameter_brace_substring assign
its return value to this_command_name before exit, to ensure that
this_command_name always points to valid memory.

Patch attached.

Ed Catmur

Attachment: parameter_brace_substring-valid-this_command_name.patch
Description: Text Data
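The aliasing described in the message, reduced to a small C model. This is an added example, not bash source and not the attached patch. `xdup`, `brace_substring`, `global_dangles_after_expand` and `enum mode` are hypothetical names, and the `SAVE_RESTORE` variant is an alternative that does not come from the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT bash source; only the global's name comes from the post. */
static const char *this_command_name = "bash";

enum mode { BUGGY, POINT_AT_RESULT, SAVE_RESTORE };

static char *xdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) abort();
    return strcpy(p, s);
}

/* Stand-in for parameter_brace_substring(): returns a string the caller owns. */
static char *brace_substring(char *name, const char *value, size_t off, enum mode m)
{
    const char *saved = this_command_name;
    char *ret = xdup(off <= strlen(value) ? value + off : "");
    this_command_name = name;               /* global aliases the caller's buffer */
    if (m == POINT_AT_RESULT) this_command_name = ret;    /* fix proposed in the post */
    if (m == SAVE_RESTORE)    this_command_name = saved;  /* alternative, not from the post */
    return ret;
}

/* Stand-in for the caller. Returns 1 if the global aliases name when name is freed. */
static int global_dangles_after_expand(const char *var, const char *val, size_t off, enum mode m)
{
    char *name = xdup(var);
    char *temp1 = brace_substring(name, val, off, m);
    /* Compare while both buffers are live, so no freed pointer is ever read. */
    int dangles = (this_command_name == name);
    int tied_to_result = (this_command_name == temp1);
    if (dangles || tied_to_result)
        this_command_name = "bash";  /* model only: global must not outlive temp1 either */
    free(name);                      /* FREE (name) from the quoted excerpt */
    free(temp1);
    return dangles;
}

int main(void)
{
    printf("buggy=%d result=%d save/restore=%d\n",
           global_dangles_after_expand("foo", "", 1, BUGGY),
           global_dangles_after_expand("foo", "", 1, POINT_AT_RESULT),
           global_dangles_after_expand("foo", "", 1, SAVE_RESTORE));
    return 0;
}
```

In the `POINT_AT_RESULT` variant the global stays valid only as long as the returned string does, which is why the model resets it before freeing `temp1`.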

