On Fri, Apr 25, 2025, 16:30 Александр Ушаков <[email protected]> wrote:
> I encountered an issue in Bash and would like to report it. crash3.txt is
> attached to the email. So this problem also appears after applying my fix in my
> previous letter (SourceAv in rewind_input_string when trying to compare with
> rvalue). But I found other input data (crash3.txt) for triggering this SEGV
> (bypass SEGV in rewind_input_string).
>
> Steps to reproduce
>
> $ CC=clang-19 CFLAGS="-fsanitize=address -g -O0" ./configure --without-bash-malloc
> $ make
> $ cat crash3.txt | ./bash

After fix pushed today, can be simplified to:

    ./bash -n <<< 'f["$$(] f["$$(y=("("]'
    ERROR: AddressSanitizer: SEGV on unknown address 0x0000ffffffff

Same as https://lists.gnu.org/r/bug-bash/2025-04/msg00081.html, the
address is from a bogus bash_input.location.string after a
pop_stream().