bug-bash

Core dump on empty herestring


From: taviso
Subject: Core dump on empty herestring
Date: Wed, 9 Jul 2003 15:12:43 GMT

Configuration Information [Automatically generated, do not change]:
Machine: alphaev56
OS: linux-gnu
Compiler: ccc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='alphaev56' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='alphaev56-unknown-linux-gnu' 
-DCONF_VENDOR='unknown' -DSHELL -DHAVE_CONFIG_H  -I.  -I. -I./include -I./lib  
-host -fast
uname output: Linux amnesiac 2.4.20-grsec #1 Sun Jun 8 23:10:14 BST 2003 alpha 
EV56  GNU/Linux
Machine Type: alphaev56-unknown-linux-gnu

Bash Version: 2.05b
Patch Level: 0
Release Status: release

Description:

        bash 2.05b, including official patches up to bash205b-007, dumps core on 
an empty herestring in redir.c.

Repeat-By:
        
        Two examples:
        
        $ read junk <<< ${EMPTY_VARIABLE}
        Segmentation fault (core dumped)
        
        $ xargs <<< `true`
        Segmentation fault (core dumped)

Fix:

diff -u bash-2.05b.orig/redir.c bash-2.05b/redir.c
--- bash-2.05b.orig/redir.c     2002-03-12 20:27:38.000000000 +0000
+++ bash-2.05b/redir.c  2003-05-01 13:04:07.000000000 +0100
@@ -263,8 +263,10 @@
   int herelen, n, e;
 
   herestr = expand_string_to_string (redirectee->word, 0);
-  herelen = strlen (herestr);
 
+  /* verify string wasnt empty */
+  herelen = (herestr == NULL) ? 0 : strlen (herestr);
+  
   n = write (fd, herestr, herelen);
   if (n == herelen)
     {
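
Review bot: At `n = write (fd, herestr, herelen);` the buffer argument is still NULL when the expansion returns nothing, because only the length is guarded here. A zero-length write avoids the strlen() crash, but it leaves a NULL pointer flowing through the rest of the function, and nothing in this hunk shows that later uses of herestr are safe. Consider handling the NULL case once, right after `expand_string_to_string`, either by skipping the write or by substituting an empty string, so that no later statement has to repeat the check. The new comment also says the string "wasnt empty" while the test is for a NULL return, not an empty string; rewording it to say that the expansion can return NULL would match what the code checks.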




