[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reproducible SIGSEGV in bash 4.2 caused by alias.
From: |
Piotr Grzybowski |
Subject: |
Re: Reproducible SIGSEGV in bash 4.2 caused by alias. |
Date: |
Thu, 10 Oct 2013 23:40:31 +0200 |
a small correction, if I may; while that was all very sweet, there
are two issues here:
1. recursion_count has to be reset somewhere, or else it is a global
alias limit :)
2. a better place for this limit is acctually eval (probably leaving
alias recursion limit, before Oliver starts playing with it, is also a
good idea?):
---
builtins/eval.def | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/builtins/eval.def b/builtins/eval.def
index 5e824c9..63b338b 100644
--- a/builtins/eval.def
+++ b/builtins/eval.def
@@ -44,11 +44,20 @@ $END
#include "bashgetopt.h"
#include "common.h"
+#define MAX_RECURSIONS 255
+static int recursion_count=0;
+
/* Parse the string that these words make, and execute the command found. */
int
eval_builtin (list)
WORD_LIST *list;
{
+ if (recursion_count>MAX_RECURSIONS) {
+ printf("\n eval: recursion limit reached.\n");
+ return (EXECUTION_FAILURE);
+ }
+ recursion_count++;
+
if (no_options (list))
return (EX_USAGE);
list = loptend; /* skip over possible `--' */
--
1.8.4
taking into account the way eval is (ab)used it is probably a good
choice to have some recursion protection.
now: where to set recursion_count to 0?
cheers,
pg
On Thu, Oct 10, 2013 at 5:44 PM, Piotr Grzybowski <narsil.pl@gmail.com> wrote:
> helo all!
>
> I agree, it is abit off a bug. That should fix it (coding and writting from
> my mobile, so sorry for bad style ;-)) :
>
> cheers,
> pg
>
> ---
> builtins/alias.def | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/builtins/alias.def b/builtins/alias.def
> index d760ceb..7a7b510 100644
> --- a/builtins/alias.def
> +++ b/builtins/alias.def
> @@ -67,6 +67,9 @@ static void print_alias __P((alias_t *, int));
>
> extern int posixly_correct;
>
> +#define MAX_RECURSIONS 255
> +static int recursion_count=0;
> +
> /* Hack the alias command in a Korn shell way. */
> int
> alias_builtin (list)
> @@ -76,6 +79,10 @@ alias_builtin (list)
> alias_t **alias_list, *t;
> char *name, *value;
>
> + if (recursion_count>MAX_RECURSIONS) {
> + return EXECUTION_FAILURE;
> + }
> + recursion_count++;
> dflags = posixly_correct ? 0 : AL_REUSABLE;
> pflag = 0;
> reset_internal_getopt ();
> --
> 1.8.4
>
>
> On Oct 10, 2013 11:50 AM, "Oliver J. Morais" <oliver.morais@gmail.com>
> wrote:
>>
>> [Thu, Oct 10, 2013 at 11:38:47AM +0200] Andreas Schwab
>> > "Oliver J. Morais" <oliver.morais@gmail.com> writes:
>> > > Playing around with aliases, I stumbled over the following:
>> > > $ alias alias="eval alias"
>> > > $ alias foo=bar
>> > You have created an infinite recursion, same as f() { f; }; f.
>>
>> Sure, but I think bash should not just crash, zsh for example catches
>> this glitch:
>>
>> % alias alias="eval alias"
>> % alias foo=bar
>> zsh: job table full or recursion limit exceeded
>>
>> I know, bash != zsh and the eval-alias-foo is a silly thing to do,
>> but crashing is a bug :)
>>