bug-bash

Re: Bash crashes with trapped SIGCHLD and read -t.


From: Chet Ramey
Subject: Re: Bash crashes with trapped SIGCHLD and read -t.
Date: Fri, 25 Jan 2013 10:33:15 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2

On 1/24/13 12:10 PM, konsolebox wrote:
>     This doesn't help a lot.  How about building bash-4.2.42 with -g so
>     debugging symbols are preserved, then seeing where the crash is?
> 
> 
> I compiled 4.2.42 using gcc 4.6.3 (C[XX]FLAGS="-march=native -O2 -g"). It
> took longer before the crash occurred and this is the report I got:
> 
> malloc: ./read.def:696: assertion botched
> free: called with already freed block argument
> Aborting...catch.

OK, I was able to figure it out.  The problem is that the `read -t'
generates SIGALRM, which sometimes arrives and is handled while the SIGCHLD
trap is running (bash-4.2 runs the SIGCHLD trap immediately).  This
violates assumptions bash makes about the state of the unwind-protect
stack, and results in a double free because the free bash thinks it's
avoiding actually happens.

The real fix is coming in the next release of bash, with an extensive
reworking of how signal handlers and traps are run, but the attached
patch should be able to get you through the seg fault.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

Attachment: read-sigalrm.patch
Description: Source code patch
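
An added illustration, not part of the original message and not bash's code or the attached patch: a C program that reproduces the ordering described above, where a SIGALRM handler runs while a SIGCHLD handler is still active, and shows that listing SIGALRM in the SIGCHLD handler's sa_mask defers it until that handler has returned. The handler names, and raise() standing in for the read -t timer, are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t in_chld;     /* 1 while the SIGCHLD handler runs */
static volatile sig_atomic_t nested;      /* SIGALRM handler ran inside it */
static volatile sig_atomic_t alrm_count;  /* total SIGALRM deliveries */

static void on_alrm(int sig)
{
    (void)sig;
    alrm_count++;
    if (in_chld)
        nested = 1;
}

static void on_chld(int sig)
{
    (void)sig;
    in_chld = 1;
    raise(SIGALRM);  /* assumption: stands in for the read -t timer expiring here */
    in_chld = 0;
}

/* Install both handlers, deliver one SIGCHLD, and report whether the
   SIGALRM handler interrupted the SIGCHLD handler (1) or not (0). */
int alarm_nested_in_chld(int block_alrm)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_handler = on_alrm;
    sigaction(SIGALRM, &sa, NULL);

    sa.sa_handler = on_chld;
    if (block_alrm)
        sigaddset(&sa.sa_mask, SIGALRM);  /* hold SIGALRM until on_chld returns */
    sigaction(SIGCHLD, &sa, NULL);

    nested = 0;
    raise(SIGCHLD);
    return nested;
}

int main(void)
{
    printf("no mask:   nested=%d\n", alarm_nested_in_chld(0));
    printf("with mask: nested=%d\n", alarm_nested_in_chld(1));
    return 0;
}
```

In the masked case the SIGALRM is not lost: it stays pending and is delivered as soon as the SIGCHLD handler returns.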

