heredoc in command subst bug?

[Eric Blake]

I'm not sure whether this is a bug in POSIX or in bash, but I noticed the 
following with bash-3.2.39.

$ bash -c 'foo=$(cat 

bash signal handling coredump on Linux

[Carlo Nyto]

On a CentOS 4.4 system on a x86_64, using bash 3.0 (Redhat's
bash-3.0-19.3 package), bash coredumped when the stack filled up.
Looks like signals being received from within a signal handler to me.
This happened after someone hit ctrl-c many times while tail -f'ing a
log file that was being written to at an insane rate.

Below is the stack trace from when their login bash shell coredumped.
I have never seen bash coredump on these systems (hundreds of HP DL360
G5's running CentOS 4.4 with kernel 2.6.9-67). This system, however,
is running Linux kernel 2.6.25.3. I wanted to deploy this kernel to a
few more systems, therefore my concern that I have uncovered a kernel
bug, or a change in signal handling behavior that will confuse bash or
other processes.

# rpm -q bash
bash-3.0-19.3.x86_64
# uname -r
2.6.25.3

Core was generated by `-bash'.
Program terminated with signal 11, Segmentation fault.
[...]
#0  0x003fd4a76200 in mbrtowc
   () from /lib64/tls/libc.so.6
(gdb) bt
#0  0x003fd4a76200 in mbrtowc () from /lib64/tls/libc.so.6
#1  0x00473888 in rl_redisplay ()
#2  0x00471968 in rl_clear_message ()
#3  0x00474505 in rl_free_line_state ()
#4  0x004745c1 in rl_free_line_state ()
#5  
#6  0x003fd4a2e743 in sigprocmask () from /lib64/tls/libc.so.6
#7  0x00474582 in rl_free_line_state ()
#8  
#9  0x003fd4a2e743 in sigprocmask () from /lib64/tls/libc.so.6
#10 0x00474582 in rl_free_line_state ()
#11 
#12 0x003fd4a2e743 in sigprocmask () from /lib64/tls/libc.so.6
#13 0x00474582 in rl_free_line_state ()
[...repeat many times...]
#33417 0x003fd4a2e743 in sigprocmask () from /lib64/tls/libc.so.6
#33418 0x00474582 in rl_free_line_state ()
#33419 
#33420 0x003fd4a2e743 in sigprocmask () from /lib64/tls/libc.so.6
#33421 0x00474582 in rl_free_line_state ()
#33422 
#33423 0x003fd4a2e5ed in sigaction () from /lib64/tls/libc.so.6
#33424 0x0047417d in _rl_current_display_line ()
#33425 0x0047421c in _rl_current_display_line ()
#33426 0x004742dc in rl_set_signals ()
#33427 0x00466e75 in readline ()
#33428 0x0041a3ea in yy_input_name ()
#33429 0x0041c1c5 in execute_prompt_command ()
#33430 0x0041d291 in execute_prompt_command ()
#33431 0x0041fd0d in yyparse ()
#33432 0x00419e42 in parse_command ()
#33433 0x00419ee8 in read_command ()
#33434 0x0041a05d in reader_loop ()
#33435 0x004192a0 in main ()

Also seen in syslog:
kernel: bash[9443]: segfault at 765ddff8 ip 3fd4a76200
sp765ddfe0 error 6 in libc-2.3.4.so[3fd4a0+12b000]
kernel: bash used greatest stack depth: 3096 bytes left