Configuration Information [Automatically generated, do not change]:
Machine: i486
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I../bash -I../bash/include -I../bash/lib -g -O2
uname output: Linux sauna 2.6.18-4-k7 #1 SMP Wed May 9 23:42:01 UTC 2007 i686 GNU/Linux
Machine Type: i486-pc-linux-gnu

Bash Version: 3.1
Patch Level: 17
Release Status: release

Description:
        Bash segfaults with the above command. GDB shows that the segfault
        happens in strsub(). I noticed this problem when I ran the saturn
        static analysis program (http://saturn.stanford.edu/) against bash
        source code and it reported

        stringlib.c:173:red:Intraprocedural Null error
        stringlib.c:173:Possible NULL dereference of temp+templen

Repeat-By:
        fc -s ""="" ""

Fix:
        I don't know what the behavior of strsub() should be when both pat
        and rep are empty strings. Maybe it should just exit without doing
        any changes to the string?
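
The following is an added example, not part of the original report and not bash's strsub() source: a substitution routine written so that the result pointer can never be NULL when the terminator is stored, which is the class of defect the analyzer flagged. The name sub_replace and the policy of returning an unchanged copy for an empty pattern (one option the report raises) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not bash's strsub()): replace pat with rep in s.
   Always returns a malloc'd string; NULL only on allocation failure. */
char *sub_replace(const char *s, const char *pat, const char *rep, int global)
{
    size_t slen = strlen(s), patlen = strlen(pat), replen = strlen(rep);
    size_t cap = slen + 1, len = 0, i = 0, hits;
    int repl = 1;
    char *out;
    /* Assumed policy: an empty pattern matches nothing, so return an
       unchanged copy instead of entering the substitution loop. */
    if (patlen == 0) {
        out = malloc(slen + 1);
        if (out) memcpy(out, s, slen + 1);
        return out;
    }
    /* Size for the worst case up front, so the buffer exists even when
       no byte is ever copied (empty input, or every match deleted). */
    hits = slen / patlen;
    if (replen > patlen) {
        if (hits && replen > (SIZE_MAX - slen - 1) / hits) return NULL;
        cap = hits * replen + slen % patlen + 1;
    }
    if ((out = malloc(cap)) == NULL) return NULL;
    while (i < slen) {
        if (repl && slen - i >= patlen && memcmp(s + i, pat, patlen) == 0) {
            memcpy(out + len, rep, replen);
            len += replen;
            i += patlen;
            repl = global != 0;   /* stop after first hit unless global */
        } else {
            out[len++] = s[i++];
        }
    }
    out[len] = '\0';              /* out is never NULL here */
    return out;
}

int main(void)
{
    char *r = sub_replace("", "", "", 1);   /* constructed edge case */
    printf("[%s]\n", r ? r : "(alloc failed)");
    free(r);
    return 0;
}
```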