realloc_jobs_list() in bash 3.1 doesn't zero out the unused entries of
the jobs[] array, so bash may segfault later when trying to dereference
these entries. A reliable way to reproduce the segfault, at least on
i386 linux, is

% seq 0 10000 | while read line; do /bin/echo $line ; done | tail -2
4095
4096

This behaviour was reported by Laird Breyer <[EMAIL PROTECTED]> in the
debian bug tracking system.
(See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347695 for
details)
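The defect in miniature, as an added example that is not bash's own code: a model of the compaction step in realloc_jobs_list(), with the new table pre-filled with a constructed 0xAA pattern to stand in for whatever stale bytes malloc() returns, so the difference between leaving the tail alone and zeroing it is visible deterministically.

```c
/* Added example, not bash's code: a miniature of realloc_jobs_list()'s
 * compaction step, showing why the tail of the new table must be zeroed. */
#include <stdlib.h>
#include <string.h>

typedef struct { int pid; } JOB;

/* Build a new table of nsize slots from the live entries of jobs[].
 * The buffer is filled with 0xAA first to stand in for stale bytes that
 * malloc() may hand back; bash's real table is simply uninitialised. */
static JOB **grow_jobs(JOB **jobs, int oldslots, int nsize, int zero_tail)
{
  JOB **nlist = malloc(nsize * sizeof(JOB *));
  int i, j;
  if (nlist == NULL)
    return NULL;
  memset(nlist, 0xAA, nsize * sizeof(JOB *));   /* constructed stale data */

  for (i = j = 0; i < oldslots; i++)  /* bash's compaction loop */
    if (jobs[i])
      nlist[j++] = jobs[i];

  if (zero_tail)                      /* the fix from the patch */
    for (i = j; i < nsize; i++)
      nlist[i] = (JOB *)NULL;
  return nlist;
}

/* Count slots beyond the live entries that a later "if (jobs[i])" test
 * would wrongly treat as a job. Returns -1 on allocation failure. */
int stale_slots_after_grow(int zero_tail)
{
  JOB a = {100}, b = {200};
  JOB *old[4] = { &a, NULL, &b, NULL };   /* two live jobs, two free slots */
  JOB **nlist = grow_jobs(old, 4, 8, zero_tail);
  int i, stale = 0;
  if (nlist == NULL)
    return -1;
  for (i = 2; i < 8; i++)  /* slots 0 and 1 hold a and b after compaction */
    if (nlist[i])
      stale++;
  free(nlist);
  return stale;
}
```

Without the tail-zeroing loop every one of the six unused slots reads as a live job pointer; with it, none do.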

The fix is quite simple:

--- bash/jobs.c.orig    2006-02-03 22:27:07.000000000 +0100
+++ bash/jobs.c 2006-02-03 22:27:58.000000000 +0100
@@ -858,6 +858,9 @@
   for (i = j = 0; i < js.j_jobslots; i++)
     if (jobs[i])
       nlist[j++] = jobs[i];
+  
+  for (i=j; i<nsize; i++)
+    nlist[i] = (JOB *)NULL;
 
   js.j_firstj = 0;
   js.j_lastj = (j > 0) ? j - 1: 0;
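Review bot: the new loop's upper bound nsize does not appear in the lines this hunk shows, so it should be confirmed that nsize is the slot count of the newly allocated nlist and not js.j_jobslots (the old size used by the copy loop above), otherwise the tail would still be left unzeroed whenever the table grows. Zero-filling nlist at allocation time would remove the dependence on that bound altogether. Minor: the added blank line `+  ` carries trailing whitespace, and `for (i=j; i<nsize; i++)` should follow the surrounding spacing, `for (i = j; i < nsize; i++)`.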



_______________________________________________
Bug-bash mailing list
Bug-bash@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-bash