I think I just found a bug in the version of bash that ships with
Ubuntu 8.04 and 8.10; I've tested and reproduced it across x86_64 and
i386/i586 distributions as well as the server/desktop distributions.
Anybody else seen this in the wild?
From: dgets...@mywork.net
To: bug-bash@gnu.org,b...@packages.debian.org
Subject: Bash 3.2 dies upon flood of tab-completion requests for
invalid start string
Configuration Information [Automatically generated, do not change]:
Machine: i486
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i486' -
DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i486-pc-linux-gnu' -
DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -
DSHELL -DHAVE_CONFIG_H -I. -I../bash -I../bash/include -I../bash/
lib -g -O2 -Wall
uname output: Linux dgetsmanlinux 2.6.27-14-generic #1 SMP Fri Mar 13
18:00:20 UTC 2009 i686 GNU/Linux
Machine Type: i486-pc-linux-gnu
Bash Version: 3.2
Patch Level: 39
Release Status: release
Description:
Bash has a memory fault when overrun with tab-completion requests for
a starting string that does not exist in the particular tree
referenced.
Repeat-By:
I originally duplicated this problem on the host machine that I first
saw it on by laying on the tab key for a null string after the root
directory /<dir>/ was typed where <dir> was an NFS mounted fs. After
I noted this behavior was reproducible my cow orker duplicated it on
his workstation; both of these machines are Ubuntu 8 machines, one
being 8.04 and one 8.10. Here is a cut 'n paste of the actual output
of the bug in the wild:
---BEGIN PASTE---
Linux yyy 2.6.24-23-server #1 SMP Thu Nov 27 18:45:02 UTC
2008 x86_64
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Thu Mar 19 11:14:15 2009 from 192.168.1.30
dgets...@yyy:~$ ls /backup/zzz
malloc: ../bash/subst.c:4198: assertion botched
realloc: start and end chunk sizes differ
last command: jobs
Aborting...Connection to vmware-bismarck-alpha closed.
11:11:02 Thu Mar 19 - Jobs: 0 - Cmd: 4
dgets...@xxx:~$
Display all 2707 possibilities? (y or n)
---END PASTE---
Note: I forgot to mention that this bug seems to transcend the
differences between x86_64 and i386 as the original notation was
found on Ubuntu 8.04 x86_64 server.
Fix:
No idea.
