Re: null ptr deref / segfault in bash 4.4.0(1)-beta

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: null ptr deref / segfault in bash 4.4.0(1)-beta

From:	Chet Ramey
Subject:	Re: null ptr deref / segfault in bash 4.4.0(1)-beta
Date:	Sat, 19 Sep 2015 17:54:01 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

On 9/18/15 8:06 PM, Brian Carpenter wrote:
> While fuzzing bash 4.4.0(1)-beta compiled from the devel branch, I came
> across another script which triggers a null ptr dereference and a segfault.
> This script seems to crash these other versions of bash as well:
> 
> 4.2.37(1)-release on x86_64 Debian, 4.3.39(1)-release on x86_64 Red Hat
> 
> hexdump -v -C test00
> 00000000  5f 3d 28 7b 24 5b 3c 28  30 26 5f 3d 28 5d 29 0a  |_=({$[<(0&_=(]).|
> 00000010  30 29                                             |0)|
> 00000012

Thanks for the report.  This will be fixed in the next release of bash.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

null ptr deref / segfault in bash 4.4.0(1)-beta, Brian Carpenter, 2015/09/18
- Re: null ptr deref / segfault in bash 4.4.0(1)-beta, Chet Ramey <=

Prev by Date: Re: SIGINT handling
Next by Date: Re: segfault in extract_delimited_string () at subst.c:1291 (bash 4.4.0(1)-beta)
Previous by thread: null ptr deref / segfault in bash 4.4.0(1)-beta
Next by thread: segfault in extract_delimited_string () at subst.c:1291 (bash 4.4.0(1)-beta)
Index(es):
- Date
- Thread