bug-bash

NULL pointer dereference crash


From: Nicolas Vivet
Subject: NULL pointer dereference crash
Date: Thu, 30 Jun 2016 11:43:56 +0200
User-agent: alot/0.3.7

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' 
-DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' 
-DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -g -O2
uname output: Linux vesta 4.5.4 #1 SMP PREEMPT Wed May 11 22:21:28 CEST 2016 
x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.3
Patch Level: 0
Release Status: release

Description:
        bash dereferences a NULL pointer when the last call to fork has failed.

Repeat-By:

        $ gdb -q ./bash
        Reading symbols from ./bash...done.
        (gdb) break fork
        Breakpoint 1 at 0x41de50
        (gdb) run --norc
        Starting program: /home/n/bash-4.3/bash --norc
        bash-4.3$ echo foo bar
        foo bar
        bash-4.3$ ls
        
        Breakpoint 1, 0x00007ffff767e534 in fork () from /usr/lib/libc.so.6
        (gdb) return (int) -1
        Make selected stack frame return now? (y or n) y
        #0  0x0000000000445c11 in make_child (command=0x7034a8 "ls", async_p=async_p@entry=0) at jobs.c:1747
        1747      while ((pid = fork ()) < 0 && errno == EAGAIN && forksleep < FORKSLEEP_MAX)
        (gdb) c
        Continuing.
        bash: fork: No such file or directory
        bash-4.3$ echo foo bar
        foo bar
        
        Program received signal SIGSEGV, Segmentation fault.
        wait_for (pid=-1) at jobs.c:2556
        2556                                          : process_exit_status (child->status);
        (gdb) p child
        $1 = (PROCESS *) 0x0


Fix:

        $ diff -p jobs.c.orig jobs.c
        *** jobs.c.orig 2014-01-10 15:05:34.000000000 +0100
        --- jobs.c      2016-06-30 11:35:16.644672555 +0200
        *************** itrace("wait_for: blocking wait for %d r
        *** 2520,2526 ****
                      if (pid == ANY_PID)
                        {
                          termination_state = -1;
        !                 break;
                        }
                    }
          #endif /* WAITPID_BROKEN */
        --- 2520,2526 ----
                      if (pid == ANY_PID)
                        {
                          termination_state = -1;
        !                 goto wait_for_return;
                        }
                    }
          #endif /* WAITPID_BROKEN */
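
Review bot: In the `pid == ANY_PID` branch, the jump target `wait_for_return` lies outside the context shown, so the hunk alone does not establish that the label sits past the `process_exit_status (child->status)` expression at jobs.c:2556, where the gdb session shows `child` is 0x0. Please confirm that, and that the code between the end of the loop and the label is safe to skip on this path. The dereference at line 2556 also stays unguarded, so any other path that leaves the loop with `child == NULL` would still fault; consider adding a NULL test on `child` there as well. A short comment on the new `goto` explaining why `child` can be NULL at this point would help the next reader.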


