On 03/09/2010 01:41 PM, Roman Rakus wrote:
On 03/09/2010 09:13 AM, Jan Schampera wrote:
Hello list,
hello Chet.

Bug reported on freenode's IRC #bash by: Satgi

There is a crash somewhere in completion (the last commandline is
completed using TAB):

   echo $BASH_VERSION
   4.1.2(1)-release
   mkdir -p the/?/directory
   ./the/\?/Segmentation fault (core dumped)

These completions DO NOT crash there (maybe that's a hint for you):
   cd the/\?/directory/
   cd ./the\?/directory/

Bash was invoked with the --norc option.

Tested versions:
- 4.1.2: SEGV
- 4.1 alpha: SEGV
- 4.0.0: SEGV
- 3.2.39: OK
- 3.2.25: OK

So it looks like this was introduced with 4.0. Here's a backtrace I got
from a coredump:

#0  0x0000000000460fde in command_word_completion_function
(hint_text=0x16cd028 "./the/\\?/", state=1) at bashline.c:1692
#1  0x000000000048c7cb in rl_completion_matches (text=0x16cd028
"./the/\\?/",
     entry_function=0x460ad0<command_word_completion_function>) at
complete.c:1887
#2  0x00000000004617a2 in bash_default_completion (text=0x16cd028
"./the/\\?/", start=0, end=9, qc=0, compflags=1)
     at bashline.c:1414
#3  0x0000000000462bba in attempt_shell_completion (text=0x16cd028
"./the/\\?/", start=0, end=9) at bashline.c:1363
#4  0x000000000048c867 in gen_completion_matches (text=0x16cd028
"./the/\\?/", start=207, end=0,
     our_func=0x48bff0<rl_filename_completion_function>,
found_quote=-808464433, quote_char=1) at complete.c:1023
#5  0x000000000048db70 in rl_complete_internal (what_to_do=9) at
complete.c:1746
#6  0x0000000000485c63 in _rl_dispatch_subseq (key=9, map=0x6d8d80,
got_subseq=0) at readline.c:769
#7  0x0000000000486447 in readline_internal_char () at readline.c:548
#8  0x000000000048685d in readline (prompt=<value optimized out>) at
readline.c:575
#9  0x00000000004292ea in yy_readline_get () at
/Users/chet/src/bash/src/parse.y:1314
#10 0x0000000000423708 in shell_getc (remove_quoted_newline=1) at
/Users/chet/src/bash/src/parse.y:1247
#11 0x0000000000425d45 in read_token (command=<value optimized out>) at
/Users/chet/src/bash/src/parse.y:2727
#12 0x000000000042985e in yyparse () at
/Users/chet/src/bash/src/parse.y:2360
#13 0x0000000000421102 in parse_command () at eval.c:228
#14 0x00000000004211e6 in read_command () at eval.c:272
#15 0x0000000000421434 in reader_loop () at eval.c:137
#16 0x0000000000420f56 in main (argc=1, argv=0x7fff6ad3f768,
env=0x7fff6ad3f778) at shell.c:741


Jan



The same in bash 4.1.2 without --norc option (invoked by `bash')
RR


Bash segfaults on the line `while (val = glob_matches[local_index++])', because glob_matches is a NULL pointer. I have added a check for this NULL. But this is most likely not the right patch.
RR
diff -up bash-4.1/bashline.c.crash bash-4.1/bashline.c
--- bash-4.1/bashline.c.crash   2010-03-09 14:26:06.000000000 +0100
+++ bash-4.1/bashline.c 2010-03-09 14:46:10.000000000 +0100
@@ -1700,7 +1700,8 @@ globword:
            return ((char *)NULL);
        }
 
-      while (val = glob_matches[local_index++])
+      /* make sure glob_matches is not NULL */
+      while (glob_matches && (val = glob_matches[local_index++]))
         {
          if (executable_or_directory (val))
            {
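Review bot: the `glob_matches &&` guard added to the while condition at the end of this hunk treats the symptom, not the cause, and the poster already suspects as much. Jan's backtrace shows the crash on a call with state=1, i.e. not the first call for this hint_text, so glob_matches being NULL at the loop means the array was never built, or was cleared, on an earlier path, not that the glob simply found nothing. The cleaner fix is to find where glob_matches ends up NULL before the loop and bail out there with `return ((char *)NULL);`, as the existing early return just above the loop already does; that keeps the loop's invariant (glob_matches is a non-NULL, NULL-terminated array) instead of re-testing the pointer on every iteration. If the guard is kept as a stopgap, the comment `/* make sure glob_matches is not NULL */` should say why glob_matches can be NULL here rather than restating the condition.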