[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash crashes while handling very long string in parameter expansion
From: |
Chet Ramey |
Subject: |
Re: Bash crashes while handling very long string in parameter expansion |
Date: |
Wed, 10 Aug 2016 07:53:33 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 8/10/16 7:20 AM, Siteshwar Vashisht wrote:
>
> (gdb) frame 1
> #1 0x0000000000455a4a in sub_append_string (
> source=0x7ffef75de010
> "\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001.\001."...,
> target=0x74aad0 "\001C\001o\001m\001m\001a\001n\001d\001
> \001O\001u\001t\001p\001u\001t\001 :\001 \001c\001a\001t\001
> \001d\001a\001t\001a\001\061\001g\001 ",
> indx=0x7fffffffdd30, size=0x7fffffffdd34) at subst.c:722
> 722 FASTCOPY (source, target + *indx, srclen);
>
>
> (gdb) l 713,722
> 713
> 714 srclen = STRLEN (source);
> 715 if (srclen >= (int)(*size - *indx))
> 716 {
> 717 n = srclen + *indx;
> 718 n = (n + DEFAULT_ARRAY_SIZE) - (n % DEFAULT_ARRAY_SIZE);
> 719 target = (char *)xrealloc (target, (*size = n));
> 720 }
> 721
> 722 FASTCOPY (source, target + *indx, srclen);
>
> (gdb) p srclen
> $4 = -2147483648
Thanks, I'll take a look.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/