global-buffer-overflow in parse.y

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

global-buffer-overflow in parse.y

From:	Grisha Levit
Subject:	global-buffer-overflow in parse.y
Date:	Fri, 3 Mar 2023 02:22:35 -0500

$ ./bash -c 'case x in x) if ((1)); then :; fi ;; esac'
parse.y:974:82: runtime error: index -1 out of bounds for type 'int[257]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior parse.y:974:82 in
=================================================================
==52960==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 4 at 0x000100cf26dc thread T0
    #0 0x1004b63c8 in yyparse parse.y:974

$ ./bash -c 'case x in x) if ((1)); then :; fi esac'
parse.y:979:82: runtime error: index -1 out of bounds for type 'int[257]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior parse.y:979:82 in
=================================================================
==52850==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 4 at 0x000100b0e6dc thread T0
    #0 0x1002d2808 in yyparse parse.y:979

both of these are like:

|    CASE WORD newline_list IN case_clause ESAC
        {
            $$ = make_case_command ($2, $5, word_lineno[word_top]);
            if (word_top >= 0) word_top--;
        }

and word_top == -1

[Prev in Thread]

Current Thread

[Next in Thread]

global-buffer-overflow in parse.y, Grisha Levit <=
- Re: global-buffer-overflow in parse.y, Chet Ramey, 2023/03/06
  - Re: global-buffer-overflow in parse.y, Grisha Levit, 2023/03/16
    - Re: global-buffer-overflow in parse.y, Chet Ramey, 2023/03/17

Prev by Date: Re: undo list free crash
Next by Date: Re: Vulnerability Report(UI Redressing)
Previous by thread: Re: undo list free crash
Next by thread: Re: global-buffer-overflow in parse.y
Index(es):
- Date
- Thread