bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Probable internal memory allocator bug


From: Patrick Marlier
Subject: Probable internal memory allocator bug
Date: Thu, 31 Jan 2013 15:28:55 +0100

Here a testcase that makes bash crashes with many different ways (segfault,
invalid commands, ...). Note that you may need to run it few times before
to make it crash.

# Enable child monitor
set -m

function child_exited() {
  #allocating memory
  v="Child exited with $?"
  vv=($(ls))
}

trap 'child_exited' CHLD

for cfile in $(seq 1 1000)
do
  # just to show the progress...
  echo -n "."
  # allocating memory
  temp=($(ls))
  # spawning a child
  /bin/true 1>/dev/null &
done
echo "Waiting all processes to finish"
wait

After tracing a bit the code, the problem seems to be a race condition in
the internal memory allocation (lib/malloc) due to the trap.

As Chet Ramey mentioned few days ago, I guess the next release of bash with
the rework on signal handlers and traps will fix this but I think it is a
good time to have a testcase before the next release.

Tested on different linux (Gentoo/Ubuntu), different Intel CPU
(x86_64/i686) and with different bash version (4.2.37/4.2.42). Funny fact:
I was not able to reproduce with an AMD CPU.

Thanks.
--
Patrick Marlier


reply via email to

[Prev in Thread] Current Thread [Next in Thread]