
Invalid byte sequence under UTF-8 locale generates a segmentation fault


From: Eduardo A . Bustamante López
Subject: Invalid byte sequence under UTF-8 locale generates a segmentation fault when using printf %q (ansic_quote)
Date: Thu, 13 Feb 2014 08:33:10 -0800
User-agent: Mutt/1.5.21 (2010-09-15)

Using an invalid byte sequence with printf %q segfaults bash, for a
UTF-8 locale.

Here are the steps to reproduce the fault:

gdb local/bin/bash
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/dualbus/local/bin/bash...done.
(gdb) r ./invalid-utf8
Starting program: /home/dualbus/local/bin/bash ./invalid-utf8

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b4bc0 in ansic_quote (str=0x7b0d68 "\031ަ", flags=0, rlen=0x0) at strtrans.c:282
282               *r++ = c;
(gdb) bt
#0  0x00000000004b4bc0 in ansic_quote (str=0x7b0d68 "\031ަ", flags=0, rlen=0x0) at strtrans.c:282
#1  0x00000000004a4121 in printf_builtin (list=0x7b0da8) at ./printf.def:567
#2  0x0000000000440e37 in execute_builtin (builtin=0x4a2e64 <printf_builtin>, words=0x7b0d48, flags=0, subshell=0) at execute_cmd.c:4337
#3  0x0000000000441a4a in execute_builtin_or_function (words=0x7b0d48, builtin=0x4a2e64 <printf_builtin>, var=0x0, redirects=0x0, fds_to_close=0x7b08a8, flags=0) at execute_cmd.c:4758
#4  0x00000000004408e8 in execute_simple_command (simple_command=0x7b0648, pipe_in=-1, pipe_out=-1, async=0, fds_to_close=0x7b08a8) at execute_cmd.c:4161
#5  0x000000000043a796 in execute_command_internal (command=0x7b06c8, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x7b08a8) at execute_cmd.c:787
#6  0x0000000000439d44 in execute_command (command=0x7b06c8) at execute_cmd.c:390
#7  0x00000000004255e1 in reader_loop () at eval.c:160
#8  0x0000000000423431 in main (argc=2, argv=0x7fffffffeab8, env=0x7fffffffead0) at shell.c:755
(gdb) info locals
r = 0x7b2000 <Address 0x7b2000 out of bounds>
ret = 0x7b0de8 "$'\\031\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336\336"... <incomplete sequence \336>...
s = 0x7b0d69 "ަ"
l = 0
rsize = 16
c = 222 '\336'
clen = 2
b = 0
wc = 1958 L'ަ'
(gdb) quit
A debugging session is active.

        Inferior 1 [process 28162] will be killed.

Quit anyway? (y or n) y
dualbus@debian:~$ cat invalid-utf8
LC_CTYPE=en_US.UTF-8
printf '%q\n' $'\031\336\246'
dualbus@debian:~$ bash invalid-utf8 
Segmentation fault
dualbus@debian:~$ bash --version
GNU bash, version 4.3.0(1)-rc2 (x86_64-unknown-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
dualbus@debian:~$ cat invalid-utf8-c-locale 
LC_CTYPE=C
printf '%q\n' $'\031\336\246'
dualbus@debian:~$ bash invalid-utf8-c-locale 
$'\031\336\246'
dualbus@debian:~$ logout



The commit that introduced the bug is the following:

$ git log -n1 --pretty=medium c920c360
commit c920c360da817d2ee755e8ed94ae7d5b9ce313db
Author: Chet Ramey <chet.ramey@case.edu>
Date:   Mon Jan 9 08:27:00 2012 -0500

    commit bash-20110902 snapshot

-- 
Eduardo Alan Bustamante López
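The `info locals` output above shows the shape of the fault: `r` has run past the end of `ret` while `s` still points at the same multibyte character, so the loop keeps emitting `\336` without ever consuming input or checking capacity. The program below is an added example written for this page; it is not bash's `ansic_quote` and not from the report. It implements a simplified `$'...'` quoter (octal escapes for every control byte, backslash escapes for `'` and `\`) around two defensive rules: the input pointer advances on every path through the loop, including invalid or truncated sequences, and every write goes through a bounds-checked, growable buffer. A small hand-written UTF-8 decoder stands in for `mbrtowc` so the example runs without a UTF-8 locale installed; the `utf8` flag mirrors the two scripts in the report (`LC_CTYPE=en_US.UTF-8` versus `LC_CTYPE=C`). The names `utf8_decode`, `put` and `quote_ansic` are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one UTF-8 sequence from s (n bytes available). Returns the length of a
 * valid, complete sequence (1..4) and stores the code point in *cp; returns 0
 * for anything else (stray continuation byte, overlong form, surrogate,
 * truncated sequence). Hand-written stand-in for mbrtowc so the example does
 * not depend on a UTF-8 locale being installed. */
static size_t utf8_decode(const unsigned char *s, size_t n, unsigned *cp)
{
    size_t len;
    if (n == 0) return 0;
    unsigned c = s[0];
    if (c < 0x80) { *cp = c; return 1; }
    if (c >= 0xC2 && c <= 0xDF) { len = 2; *cp = c & 0x1F; }
    else if (c >= 0xE0 && c <= 0xEF) { len = 3; *cp = c & 0x0F; }
    else if (c >= 0xF0 && c <= 0xF4) { len = 4; *cp = c & 0x07; }
    else return 0;                       /* 0x80..0xC1, 0xF5..0xFF never start a char */
    if (n < len) return 0;               /* truncated at end of input */
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 3 && *cp < 0x800) || (len == 4 && *cp < 0x10000) ||
        (*cp >= 0xD800 && *cp <= 0xDFFF) || *cp > 0x10FFFF)
        return 0;
    return len;
}

/* Append n bytes to a heap buffer, growing it first if they would not fit.
 * Every write into the result goes through here, so the output pointer can
 * never run past the allocation the way `r` did in the backtrace. */
static void put(char **buf, size_t *len, size_t *cap, const char *bytes, size_t n)
{
    if (*len + n + 1 > *cap) {
        while (*len + n + 1 > *cap) *cap *= 2;
        char *nb = realloc(*buf, *cap);
        if (!nb) { perror("realloc"); exit(1); }
        *buf = nb;
    }
    memcpy(*buf + *len, bytes, n);
    *len += n;
}

/* Quote str in $'...' form. With utf8 != 0, valid multibyte characters are
 * copied through unchanged (the UTF-8 locale case); otherwise every byte
 * outside printable ASCII gets an octal escape (the C locale case). The
 * caller frees the result. */
char *quote_ansic(const char *str, int utf8)
{
    size_t cap = 16, len = 0;
    char *buf = malloc(cap);
    const unsigned char *s = (const unsigned char *)str;
    size_t n = strlen(str);
    char tmp[8];

    if (!buf) { perror("malloc"); exit(1); }
    put(&buf, &len, &cap, "$'", 2);
    while (n > 0) {
        unsigned cp = 0;
        size_t clen = utf8 ? utf8_decode(s, n, &cp) : 1;
        if (clen > 1) {
            put(&buf, &len, &cap, (const char *)s, clen);   /* valid multibyte char */
        } else if (clen == 1 && (*s == '\'' || *s == '\\')) {
            tmp[0] = '\\'; tmp[1] = (char)*s;
            put(&buf, &len, &cap, tmp, 2);                    /* must be escaped inside $'' */
        } else if (clen == 1 && *s >= 0x20 && *s < 0x7F) {
            put(&buf, &len, &cap, (const char *)s, 1);      /* printable ASCII */
        } else {
            /* control byte, or a byte that does not begin a valid UTF-8
             * sequence: escape just this one byte and move on */
            int k = snprintf(tmp, sizeof tmp, "\\%03o", *s);
            put(&buf, &len, &cap, tmp, (size_t)k);
            clen = 1;
        }
        s += clen;   /* the input advances on every path, so the loop cannot   */
        n -= clen;   /* re-process the same byte and spin until memory runs out */
    }
    put(&buf, &len, &cap, "'", 1);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    /* the byte string from the report's reproducer, constructed inline */
    const char *input = "\031\336\246";
    char *u = quote_ansic(input, 1), *c = quote_ansic(input, 0);
    printf("UTF-8 locale: %s\nC locale:     %s\n", u, c);
    free(u); free(c);
    return 0;
}
```

Under the UTF-8 rule the bytes `\336\246` decode to a valid two-byte character and pass through; a lone `\336` (truncated) or a lone `\246` (stray continuation byte) is escaped as a single byte and the loop moves on, which is the behaviour the crashing loop lacked.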
