On 17/09/15 18:20, Greg Wooledge wrote:
> On Thu, Sep 17, 2015 at 11:50:44AM -0500, Brian Carpenter wrote:
>> While fuzzing GNU bash version 4.3.42(1)-release
>> (x86_64-unknown-linux-gnu) with AFL (http://lcamtuf.coredump.cx/afl), I
>> stumbled upon a 4-byte 'script' that triggers a null ptr deref and causes a
>> segfault.
>>
>> https://savannah.gnu.org/support/index.php?108885
>
> Well, that's an annoying web-to-mail interface. It didn't include the
> full bug report?
>
> The web page says the hexdump of the attached script is 3b21 2620
> which I would normally interpret as `;!& '.
>
> But the attached script itself is actually `!; &'. Apparently the
> hex dump tool in question is doing some sort of 16-bit grouping with
> little endian byte swapping.
>
> After getting the correct content into the script, I can reproduce
> this on HP-UX in 4.3.39:
>
> imadev:~$ printf '!; &' > x
> imadev:~$ bash x
> Segmentation fault (core dumped)
FWIW _not_ reproduced with bash-4.3.39-1.fc22.x86_64
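Added example, not part of the thread or of the bash project: the reporter's dump ("3b21 2620") is what `hexdump` with no format option prints on a little-endian machine, 16-bit words in host byte order, so the bytes of each word appear swapped. The script below undoes that swap to recover the real byte sequence (21 3b 20 26, i.e. `!; &`), writes it to a file, checks the bytes with `od -An -tx1` (which never reorders bytes), and then runs `bash` on the file exactly as in the quoted reproduction, reporting whether bash died with SIGSEGV (exit status 139 = 128 + 11) or exited normally. The function names are my own; it assumes `bash`, `od` and `mktemp` are on PATH. On a bash that carries the fix you should see a normal exit status rather than "segfault".

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): rebuild the 4-byte
# test case from a word-swapped hexdump and check how bash handles it.

# Turn a `hexdump` (no -C) style dump of 16-bit little-endian words into a
# hex string in real byte order: "3b21 2620" -> "213b2026".
swap_words() {
    for w in $1; do
        printf '%s%s' "${w#??}" "${w%??}"   # low byte first, then high byte
    done
    printf '\n'
}

# Write a hex string ($1, byte order, no spaces) as raw bytes to file $2.
# Uses octal escapes so it works with both dash and bash printf.
hex_to_file() {
    hex=$1
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 1   # odd-length input is an error
    : > "$2"
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}                # first two hex digits
        hex=${hex#??}
        printf "\\$(printf '%03o' "0x$byte")" >> "$2"
    done
}

# Byte-exact dump of a file as a hex string; od -tx1 never swaps bytes.
bytes_of() {
    od -An -tx1 "$1" | tr -d ' \n'
}

# Run bash on the script file. Prints "segfault" if bash was killed by
# SIGSEGV (the shell reports 128+11 = 139), otherwise "exit:N".
run_script() {
    rc=0
    bash "$1" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 139 ]; then
        echo segfault
    else
        echo "exit:$rc"
    fi
}

# Demo: rebuild the 4-byte script from the reporter's dump and run it.
tmp=$(mktemp)
hex_to_file "$(swap_words '3b21 2620')" "$tmp"
printf 'bytes:  %s\n' "$(bytes_of "$tmp")"     # 213b2026, i.e. `!; &`
printf 'result: %s\n' "$(run_script "$tmp")"
rm -f "$tmp"
```

If you are reading a dump someone else produced, ask which tool made it: `hexdump -C`, `od -An -tx1` and `xxd` print bytes in file order, while plain `hexdump` and `od -x` print host-order 16-bit words and will look swapped on x86.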