bug-bash

COMP_WORDBREAKS and shopt hostcomplete cause crash


From: mike
Subject: COMP_WORDBREAKS and shopt hostcomplete cause crash
Date: Sun, 9 Nov 2008 14:16:32 -0700
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Configuration Information [Automatically generated, do not change]:
Machine: i486
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H   -I.  -I../bash -I../bash/include -I../bash/lib   -g -O2 -Wall
uname output: Linux kvm1 2.6.27-7-generic #1 SMP Tue Nov 4 19:33:20 UTC 2008 i686 GNU/Linux
Machine Type: i486-pc-linux-gnu

Bash Version: 3.2
Patch Level: 39
Release Status: release

Description:
        get_comp_wordbreaks() in variables.c records the value of
        rl_completer_word_break_characters into the COMP_WORDBREAKS
        variable value field.  But enable_hostname_completion() frees it
        and allocates new memory for rl_completer_word_break_characters
        without updating the COMP_WORDBREAKS variable value field.
        Eventually shell_reinitialize is used and calls
        delete_all_contexts(shell_variables), freeing the COMP_WORDBREAKS
        value memory a second time.  That can happen when the shell
        is running a shell script that doesn't have a "#!/bin/bash" line.
        The corruption causes a shell crash or hang.  The exact results
        depend on what (if any) unfortunate code allocated the freed memory
        before the extra call to free it.

Repeat-By:
        $ echo date > btest.sh; chmod +x btest.sh
        $ /bin/bash -c 'shopt -u hostcomplete;echo $COMP_WORDBREAKS;shopt -s hostcomplete;exec ./btest.sh'
        "'><=;|&(:

        malloc: ../bash/variables.c:2296: assertion botched
        free: called with already freed block argument
        Aborting...Aborted

Fix:
        Make a copy of the rl_completer_word_break_characters value instead of
        using the original address.

diff --git a/variables.c b/variables.c
index 072a590..e9705ba 100644
--- a/variables.c
+++ b/variables.c
@@ -1314,7 +1314,8 @@ get_comp_wordbreaks (var)
   if (rl_completer_word_break_characters == 0 && bash_readline_initialized == 
0)
     enable_hostname_completion (perform_hostname_completion);
 
-  var_setvalue (var, rl_completer_word_break_characters);
+  FREE (value_cell (var));
+  var_setvalue (var, savestring (rl_completer_word_break_characters));
 
   return (var);
 }
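Review bot: `savestring (rl_completer_word_break_characters)` on the added line dereferences a null pointer when `rl_completer_word_break_characters` is still 0 after the guard above it, because that guard only calls `enable_hostname_completion` when `bash_readline_initialized` is also 0; the removed line `var_setvalue (var, rl_completer_word_break_characters);` tolerated that case by storing the null. Unless `savestring` is known to accept a null argument (the hunk does not show it), guard the copy, e.g. `var_setvalue (var, rl_completer_word_break_characters ? savestring (rl_completer_word_break_characters) : (char *)NULL);`. The preceding `FREE (value_cell (var));` is the right ownership rule only once every value ever stored in this cell has come from `savestring`; it is worth confirming that the variable's initial value cell is null or heap-allocated and that no other path stores the readline pointer directly, since otherwise this `FREE` would release readline's own buffer and reintroduce the double free from the other side. Separately, the first context line of the hunk has been wrapped by the mailer (`bash_readline_initialized ==` / `0`), so the patch needs that line rejoined before it applies.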


-- 
Mike Stroyan <mike@stroyan.net>
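The ownership mistake in the description, as an added illustration that is not bash's source: a variable value cell that merely aliases readline's buffer is freed once when readline reallocates that buffer and again when the variable table is torn down, while a value cell that owns a copy survives both. The names mirror the ones in the report (rl_completer_word_break_characters, enable_hostname_completion, get_comp_wordbreaks, savestring, delete_all_contexts) but are simplified stand-ins, and the word-break sets are an assumption built from the echo output above plus '@' when hostcomplete is on. The second free is deliberately never performed: the buggy case stops at reporting the aliasing that sets it up.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for readline's rl_completer_word_break_characters: a heap
 * buffer owned by readline and reallocated whenever hostcomplete is
 * toggled (assumed sets: the echo output in the report, plus '@' when on). */
static char *rl_completer_word_break_characters = NULL;

/* Stand-in for a shell variable; delete_var() plays the part of
 * delete_all_contexts() in shell_reinitialize(). */
struct shell_var {
    char *value;
};

/* Stand-in for bash's savestring(): an owned heap copy. */
static char *savestring(const char *s)
{
    char *copy = malloc(strlen(s) + 1);
    if (copy == NULL)
        abort();
    return strcpy(copy, s);
}

/* Frees the old readline buffer and allocates a new one: the step that
 * turns any stored alias of the old buffer into a dangling pointer. */
static void enable_hostname_completion(int on)
{
    free(rl_completer_word_break_characters);
    rl_completer_word_break_characters =
        savestring(on ? " \t\n\"'@><=;|&(:" : " \t\n\"'><=;|&(:");
}

/* Buggy getter, as before the patch: the value cell aliases readline's
 * buffer, so one block now has two owners. */
static void get_comp_wordbreaks_buggy(struct shell_var *v)
{
    v->value = rl_completer_word_break_characters;
}

/* Fixed getter, as in the patch: drop the previous copy, take a new one. */
static void get_comp_wordbreaks_fixed(struct shell_var *v)
{
    free(v->value);
    v->value = savestring(rl_completer_word_break_characters);
}

static void delete_var(struct shell_var *v)
{
    free(v->value);
    v->value = NULL;
}

/* Returns 1 when the buggy getter leaves the variable sharing readline's
 * buffer. With that alias in place, enable_hostname_completion() would
 * free the block and delete_var() would free it again, so the sequence
 * stops here and releases the single buffer exactly once. */
int buggy_getter_aliases_readline(void)
{
    struct shell_var v = { NULL };
    int aliased;

    enable_hostname_completion(0);
    get_comp_wordbreaks_buggy(&v);
    aliased = (v.value == rl_completer_word_break_characters);

    v.value = NULL;                           /* drop the alias, never free it */
    free(rl_completer_word_break_characters);
    rl_completer_word_break_characters = NULL;
    return aliased;
}

/* Runs the Repeat-By sequence with the fixed getter: hostcomplete off,
 * read COMP_WORDBREAKS, hostcomplete on (readline frees and reallocates),
 * tear down the variable, tear down readline. Returns 1 if the variable
 * held its own, still-valid copy throughout; each block is freed once. */
int fixed_getter_survives_reinit(void)
{
    struct shell_var v = { NULL };
    int distinct, still_valid;

    enable_hostname_completion(0);
    get_comp_wordbreaks_fixed(&v);
    distinct = (v.value != rl_completer_word_break_characters);

    enable_hostname_completion(1);            /* old readline buffer freed */
    still_valid = (strcmp(v.value, " \t\n\"'><=;|&(:") == 0);

    delete_var(&v);                           /* only free of the copy */
    free(rl_completer_word_break_characters); /* only free of readline's buffer */
    rl_completer_word_break_characters = NULL;
    return distinct && still_valid;
}

int main(void)
{
    printf("buggy getter aliases readline buffer: %d\n", buggy_getter_aliases_readline());
    printf("fixed getter survives reinitialize:   %d\n", fixed_getter_survives_reinit());
    return 0;
}
```

Building with `-fsanitize=address` and adding a second free to the buggy path reproduces the "already freed block" report from the Repeat-By without needing a bash 3.2 tree. The stale-but-valid copy the fixed path holds after the toggle is only what a destructor would see: since the patch puts the copy in a getter that runs on each access, the next read of COMP_WORDBREAKS refreshes it from readline.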
