declare ref[x] segfault and garbage values

From: Grisha Levit
Date: Thu, 2 Jun 2016 07:08:04 -0400

These are maybe similar to the less-interesting issue of namerefs pointing to array subscripts, but are triggered by relatively normal assignments:

This one is really strange:

declare -n re=xx
declare re[4]=78901234567890123456789012
echo ${!re*}
Segmentation fault: 11

The assignment _expression_ can use different subscripts/values, but the total length has to be at least 32 bytes to trigger the segfault.

The last command can also be unset xx, unset re, or anything that uses the full variable list like export, readonly : ${!foo*}, etc

Assignments longer than 16 bytes just don’t work:

declare -n re=xx
declare re[4]=7890123456
declare -p xx
declare -a xx=()

Some random memory(?) is assigned to a variable in this pathological case:

declare -n re=xx[0]
declare re[45678901234]=
declare -p xx
declare -a xx=([0]=$'address@hidden')

