bug-bash

Re: Crash on completion


From: Roman Rakus
Subject: Re: Crash on completion
Date: Tue, 09 Mar 2010 14:51:18 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20100120 Fedora/3.0.1-1.fc11 Lightning/1.0b2pre Thunderbird/3.0.1

On 03/09/2010 01:41 PM, Roman Rakus wrote:
On 03/09/2010 09:13 AM, Jan Schampera wrote:
Hello list,
hello Chet.

Bug reported on freenode's IRC #bash by: Satgi

There is a crash somewhere in completion (the last commandline is
completed using TAB):

   echo $BASH_VERSION
   4.1.2(1)-release
   mkdir -p the/?/directory
   ./the/\?/Segmentation fault (core dumped)

These completions DO NOT crash there (maybe that's a hint for you):
   cd the/\?/directory/
   cd ./the\?/directory/

Bash was invoked with the --norc option.

Tested versions:
- 4.1.2: SEGV
- 4.1 alpha: SEGV
- 4.0.0: SEGV
- 3.2.39: OK
- 3.2.25: OK

So it looks like this was introduced with 4.0. Here's a backtrace I got
from a coredump:

#0  0x0000000000460fde in command_word_completion_function
(hint_text=0x16cd028 "./the/\\?/", state=1) at bashline.c:1692
#1  0x000000000048c7cb in rl_completion_matches (text=0x16cd028
"./the/\\?/",
     entry_function=0x460ad0<command_word_completion_function>) at
complete.c:1887
#2  0x00000000004617a2 in bash_default_completion (text=0x16cd028
"./the/\\?/", start=0, end=9, qc=0, compflags=1)
     at bashline.c:1414
#3  0x0000000000462bba in attempt_shell_completion (text=0x16cd028
"./the/\\?/", start=0, end=9) at bashline.c:1363
#4  0x000000000048c867 in gen_completion_matches (text=0x16cd028
"./the/\\?/", start=207, end=0,
     our_func=0x48bff0<rl_filename_completion_function>,
found_quote=-808464433, quote_char=1) at complete.c:1023
#5  0x000000000048db70 in rl_complete_internal (what_to_do=9) at
complete.c:1746
#6  0x0000000000485c63 in _rl_dispatch_subseq (key=9, map=0x6d8d80,
got_subseq=0) at readline.c:769
#7  0x0000000000486447 in readline_internal_char () at readline.c:548
#8  0x000000000048685d in readline (prompt=<value optimized out>) at
readline.c:575
#9  0x00000000004292ea in yy_readline_get () at
/Users/chet/src/bash/src/parse.y:1314
#10 0x0000000000423708 in shell_getc (remove_quoted_newline=1) at
/Users/chet/src/bash/src/parse.y:1247
#11 0x0000000000425d45 in read_token (command=<value optimized out>) at
/Users/chet/src/bash/src/parse.y:2727
#12 0x000000000042985e in yyparse () at
/Users/chet/src/bash/src/parse.y:2360
#13 0x0000000000421102 in parse_command () at eval.c:228
#14 0x00000000004211e6 in read_command () at eval.c:272
#15 0x0000000000421434 in reader_loop () at eval.c:137
#16 0x0000000000420f56 in main (argc=1, argv=0x7fff6ad3f768,
env=0x7fff6ad3f778) at shell.c:741


Jan



The same in bash 4.1.2 without --norc option (invoked by `bash')
RR


Bash segfaults on the line `while (val = glob_matches[local_index++])', because glob_matches is a pointer to NULL. I have added the check for this null. But this is most likely not the right patch.
RR

Attachment: bash-crash.patch
Description: Text document
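
The failure mode described in the message above, as an added illustration: it is not bash's code and not the attached patch. It uses POSIX glob(3) as a stand-in expander, and every name in it (`next_executable_match`, `matches`, `next_index`) is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Generator in the readline style: state == 0 starts a new expansion of
   `pattern`; every later call (state != 0) returns the next match, or NULL
   when there are none left.  All names here are hypothetical. */
static glob_t gl;
static int gl_valid;        /* gl has been through glob() and needs globfree() */
static char **matches;      /* NULL when the expansion produced nothing */
static size_t next_index;

const char *next_executable_match(const char *pattern, int state)
{
    const char *val;

    if (state == 0) {
        if (gl_valid)
            globfree(&gl);
        memset(&gl, 0, sizeof gl);
        matches = NULL;
        next_index = 0;
        gl_valid = 1;
        /* On GLOB_NOMATCH or an error there is no vector to walk. */
        if (glob(pattern, 0, NULL, &gl) == 0)
            matches = gl.gl_pathv;
    }

    /* The guard.  Without it the loop below evaluates matches[next_index++]
       with matches == NULL, the dereference the message describes. */
    if (matches == NULL)
        return NULL;

    while ((val = matches[next_index++]) != NULL) {
        if (access(val, X_OK) == 0)
            return val;
    }
    matches = NULL;         /* exhausted: later calls must not read past the end */
    return NULL;
}
```

The guard only stops the dereference on the follow-up calls; it does not explain why the expansion came back empty in the first place.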

