[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
v4.4 segfault in 'decode_prompt_string' when processing special paramete
From: |
Chris Schoenberg |
Subject: |
v4.4 segfault in 'decode_prompt_string' when processing special parameter |
Date: |
Sat, 21 Jul 2018 13:47:53 -0500 |
This only works in 4.4; earlier versions throw a 'bad substitution' error. It
causes an infinite loop of calls between 'expand_prompt_string' and
'decode_prompt_string',
where calls to 'xmalloc' exhaust the heap:
$\{_@P};${_@P}
I decided to report this because it is not a user-defined recursive
function and it exhausts the heap rather than the stack.
Here is a call trace that just repeats itself as you go back further (you
can see #7 and #0 are the same):
#0 decode_prompt_string (string=0x8dca08 "${_@P}") at
/usr/homes/chet/src/bash/src/parse.y:5471
#1 0x00000000004cf5e0 in string_transform (xc=<optimized out>, v=0x84ca88,
s=0x8dca08 "${_@P}") at subst.c:5127
#2 0x00000000004cc7c5 in parameter_brace_transform (varname=<optimized
out>, value=<optimized out>, ind=<optimized out>, xform=<optimized out>,
rtype=0,
quoted=<optimized out>, flags=<optimized out>) at subst.c:5263
#3 0x00000000004c5a3d in parameter_brace_expand (string=<optimized out>,
quoted=<optimized out>, pflags=<optimized out>,
contains_dollar_at=<optimized out>,
indexp=<optimized out>, quoted_dollar_atp=<optimized out>) at
subst.c:8364
#4 param_expand (string=<optimized out>, sindex=<optimized out>,
quoted=<optimized out>, expanded_something=<optimized out>,
contains_dollar_at=<optimized out>, quoted_dollar_at_p=<optimized out>,
had_quoted_null_p=<optimized out>, pflags=<optimized out>) at subst.c:8740
#5 0x00000000004b2640 in expand_word_internal (word=<optimized out>,
quoted=<optimized out>, isexp=<optimized out>,
contains_dollar_at=<optimized out>,
expanded_something=<optimized out>) at subst.c:9301
#6 0x00000000004b16ca in expand_prompt_string (string=0x8dc908 "${_@P}",
quoted=1, wflags=<optimized out>) at subst.c:3732
#7 0x0000000000434fe0 in decode_prompt_string (string=<optimized out>) at
/usr/homes/chet/src/bash/src/parse.y:5833
- v4.4 segfault in 'decode_prompt_string' when processing special parameter,
Chris Schoenberg <=