Bug#995013: csh: Certain input locks shell up and consumes all memory


Jan Verbeek

Sep 24, 2021, 3:30:03 PM
Package: csh
Version: 20110502-6
Severity: normal

Hi,

Certain arguments cause csh to lock up and endlessly consume memory
until killed. I'm guessing this happens during parsing because the
code doesn't have to actually be executed.

The most I've been able to narrow it down is that it happens when a
command line contains both a backslash and an unquoted ܠ (U+0720
SYRIAC LETTER LAMADH).

Examples that trigger it:

true \ܠ

if (0) true \ܠ

true \ foo bar baz ܠ

true '\' ܠ

Examples that don't trigger it:

true ܠ

true \ 'ܠ'

I didn't manage to reproduce this on OpenBSD but I didn't try very
hard.

(This problem was found while fuzzing another piece of software.)

-- System Information:
Debian Release: 11.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages csh depends on:
ii libbsd0 0.11.3-1
ii libc6 2.31-13

csh recommends no packages.

csh suggests no packages.

-- no debconf information
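
An added example, not part of the original report: one way to re-test command lines like the ones above without letting a hang or runaway allocation take down the host. It assumes GNU coreutils `timeout` is installed; `classify_run`, its defaults and the 256 MiB cap are hypothetical choices for this sketch.

```shell
#!/bin/sh
# Run one command line in a given shell under a wall-clock timeout and an
# address-space cap, then classify the outcome. Helper names and default
# limits are assumptions made for this example.

# classify_run SHELL_PATH COMMAND_LINE [TIMEOUT_SECS] [MEM_LIMIT_KB]
# Prints one of: ok | hang | exit:N
classify_run() {
    cr_shell=$1
    cr_cmd=$2
    cr_secs=${3:-5}
    cr_kb=${4:-262144}      # 256 MiB address-space cap (assumed value)
    cr_status=0
    (
        # Cap virtual memory so a runaway allocation fails inside the
        # child instead of exhausting the host; skip if -v is unsupported.
        ulimit -v "$cr_kb" 2>/dev/null || :
        # Send TERM after cr_secs, then KILL one second later if ignored.
        exec timeout -k 1 "$cr_secs" "$cr_shell" -c "$cr_cmd" \
            </dev/null >/dev/null 2>&1
    ) || cr_status=$?
    case $cr_status in
        0)       echo ok ;;
        124|137) echo hang ;;               # timed out (TERM or KILL)
        *)       echo "exit:$cr_status" ;;  # any other failure status
    esac
}

# Stand-alone use: sh <this script> SHELL_PATH 'COMMAND LINE' [SECS] [KB]
# e.g. with /bin/csh and one of the command lines listed in the report.
if [ "$#" -ge 2 ]; then
    classify_run "$@"
fi
```

Running each listed command line through the same function, with the triggering and non-triggering ones side by side, gives a quick regression check after a package update.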
