Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Crash when completing a quoted string ending with '\'

0 views

Skip to first unread message

benoit.b...@ens-lyon.org

unread,

Dec 16, 2009, 8:28:37 PM12/16/09

to bug-...@gnu.org, ba...@packages.debian.org

Configuration Information [Automatically generated, do not change]:
Machine: i486
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I../bash -I../bash/include -I../bash/lib -g -O2 -Wall
uname output: Linux pirzuine 2.6.31-16-generic #52-Ubuntu SMP Thu Dec 3 22:00:22 UTC 2009 i686 GNU/Linux
Machine Type: i486-pc-linux-gnu

Bash Version: 4.0
Patch Level: 33
Release Status: release

Description:
Bash crashes when trying to complete a quoted string ending with '\'

Repeat-By:
Launch bash, type:
"\
and press TAB

See bash crash:
$ "\
malloc: unknown:0: assertion botched
free: start and end chunk sizes differ
last command: XXXXX
Aborting...Aborted

Fix:
The problem is in bash_dequote_filename(). If the string ends with '\',
then a spurious write of '\0' will happen after the end of the
allocated area. This will overwrite the guard and make the free() fail.

Following patch fixes it:
-- bash/bashline.c 2009-12-17 02:13:36.000000000 +0100
+++ /tmp/bashline.c 2009-12-17 02:12:10.000000000 +0100
@@ -3223,9 +3223,10 @@
else if (quoted == '"' && ((sh_syntaxtab[p[1]] & CBSDQUOTE) == 0))
*r++ = *p;

- *r++ = *++p;
- if (*p == '\0')
+ if (*++p == '\0')
break;
+
+ *r++ = *p;
continue;
}
/* Close quote. */

Chet Ramey

unread,

Dec 17, 2009, 10:24:31 AM12/17/09

to benoit.b...@ens-lyon.org, bug-...@gnu.org, ba...@packages.debian.org, chet....@case.edu

On 12/16/09 8:28 PM, benoit.b...@ens-lyon.org wrote:
> Configuration Information [Automatically generated, do not change]:
> Machine: i486
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I../bash -I../bash/include -I../bash/lib -g -O2 -Wall
> uname output: Linux pirzuine 2.6.31-16-generic #52-Ubuntu SMP Thu Dec 3 22:00:22 UTC 2009 i686 GNU/Linux
> Machine Type: i486-pc-linux-gnu
>
> Bash Version: 4.0
> Patch Level: 33
> Release Status: release
>
> Description:
> Bash crashes when trying to complete a quoted string ending with '\'

Thanks for the report. This has already been fixed for bash-4.1.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU ch...@case.edu http://cnswww.cns.cwru.edu/~chet/

0 new messages