bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reproducible SIGSEGV in bash 4.2 caused by alias.

From: Piotr Grzybowski
Subject: Re: Reproducible SIGSEGV in bash 4.2 caused by alias.
Date: Thu, 10 Oct 2013 23:40:31 +0200 
 a small correction, if I may; while that was all very sweet, there
are two issues here:

1. recursion_count has to be reset somewhere, or else it is a global
alias limit :)
2. a better place for this limit is acctually eval (probably leaving
alias recursion limit, before Oliver starts playing with it, is also a
good idea?):

---
 builtins/eval.def | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/builtins/eval.def b/builtins/eval.def
index 5e824c9..63b338b 100644
--- a/builtins/eval.def
+++ b/builtins/eval.def
@@ -44,11 +44,20 @@ $END
 #include "bashgetopt.h"
 #include "common.h"

+#define MAX_RECURSIONS 255
+static int recursion_count=0;
+
 /* Parse the string that these words make, and execute the command found. */
 int
 eval_builtin (list)
      WORD_LIST *list;
 {
+  if (recursion_count>MAX_RECURSIONS) {
+   printf("\n eval: recursion limit reached.\n");
+   return (EXECUTION_FAILURE);
+  }
+  recursion_count++;
+
   if (no_options (list))
     return (EX_USAGE);
   list = loptend;      /* skip over possible `--' */
-- 
1.8.4

 taking into account the way eval is (ab)used it is probably a good
choice to have some recursion protection.
 now: where to set recursion_count to 0?

cheers,
pg


On Thu, Oct 10, 2013 at 5:44 PM, Piotr Grzybowski <narsil.pl@gmail.com> wrote:
> helo all!
>
> I agree, it is abit off a bug. That should fix it (coding and writting from
> my mobile, so sorry for bad style ;-)) :
>
> cheers,
> pg
>
> ---
> builtins/alias.def | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/builtins/alias.def b/builtins/alias.def
> index d760ceb..7a7b510 100644
> --- a/builtins/alias.def
> +++ b/builtins/alias.def
> @@ -67,6 +67,9 @@ static void print_alias __P((alias_t *, int));
>
> extern int posixly_correct;
>
> +#define MAX_RECURSIONS 255
> +static int recursion_count=0;
> +
> /* Hack the alias command in a Korn shell way. */
> int
> alias_builtin (list)
> @@ -76,6 +79,10 @@ alias_builtin (list)
>    alias_t **alias_list, *t;
>    char *name, *value;
>
> +  if (recursion_count>MAX_RECURSIONS) {
> +   return EXECUTION_FAILURE;
> +  }
> +  recursion_count++;
>    dflags = posixly_correct ? 0 : AL_REUSABLE;
>    pflag = 0;
>    reset_internal_getopt ();
> --
> 1.8.4
>
>
> On Oct 10, 2013 11:50 AM, "Oliver J. Morais" <oliver.morais@gmail.com>
> wrote:
>>
>> [Thu, Oct 10, 2013 at 11:38:47AM +0200] Andreas Schwab
>> > "Oliver J. Morais" <oliver.morais@gmail.com> writes:
>> > > Playing around with aliases, I stumbled over the following:
>> > > $ alias alias="eval alias"
>> > > $ alias foo=bar
>> > You have created an infinite recursion, same as f() { f; }; f.
>>
>> Sure, but I think bash should not just crash, zsh for example catches
>> this glitch:
>>
>> % alias alias="eval alias"
>> % alias foo=bar
>> zsh: job table full or recursion limit exceeded
>>
>> I know, bash != zsh and the eval-alias-foo is a silly thing to do,
>> but crashing is a bug :)
>>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]