Bash crashes while handling very long string in parameter expansion
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -DDEBUG -DMALLOC_DEBUG -I. -I. -I./include -I./lib -g -O2 -Wno-parentheses -Wno-format-security
uname output: Linux localhost.localdomain 4.7.0-0.rc7.git4.1.fc25.x86_64 #1 SMP Mon Jul 18 15:59:11 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.4
Patch Level: 0
Release Status: rc2

Description:
        Bash crashes while handling very long string in parameter expansion.

Repeat-By:
        Configure bash to compile with '--with-bash-malloc=no' parameter and install it :
        > ./configure --with-bash-malloc=no

        Generate file with very long string by executing below commands :
        > for i in $(seq 0 1023); do echo -n .; done > data1k
        > for i in $(seq 0 1023); do cat data1k; done > data1m
        > for i in $(seq 0 1023); do cat data1m; done > data1g

        Script to reproduce the crash :
        > cat test.sh
        #!/bin/bash
        _INPUT_LOG_FILE=$1
        echo "Starting..."
        CMD="cat ${_INPUT_LOG_FILE}"
        OUT=`${CMD} 2>&1`
        echo "${CMD} completed..."
        echo "Command Output : ${CMD} ${OUT}" > /dev/null
        exit 1

        Execute the script :
        /usr/local/bin/bash test.sh data1g

Result:
        Bash crashes with segmentation fault

--
--
Siteshwar Vashisht
bash: remove the format string "%q" in the unicode3.sub
Hi all

When I run the tests for the bash, the sub-test unicode3.sub of intl.tests failed.

The sub-test unicode3.sub contains the following:

    payload=$'\065\247\100\063\231\053\306\123\070\237\242\352\263'
    "$payload"
    printf %q "$payload"

In this situation, the format string "%q" in command printf means that when the character in the payload is not in {alpha & digit & punctuation & ISO 646(7-bit)}, it would print the string with ANSI-C style quoted string: $'...' , we can check the source code at:

http://git.savannah.gnu.org/cgit/bash.git/tree/builtins/printf.def#n557
http://git.savannah.gnu.org/cgit/bash.git/tree/lib/sh/strtrans.c#n207

Because the payload variable contains the above situation, the test results look like $'...' , and when compared with the intl.right that contains the converted character (extended ASCII), the test failed.

Can we remove the format string "%q", so just

    printf "$payload"

In this way, the output of the test is the same as the intl.right.

//dengke
Re: Bash crashes while handling very long string in parameter expansion
On 8/9/16 5:46 AM, Siteshwar Vashisht wrote:

> Bash Version: 4.4
> Patch Level: 0
> Release Status: rc2
>
> Description:
> Bash crashes while handling very long string in parameter expansion.

You exceed the hard resource limit for your data segment size, and either the kernel kills the process or malloc fails and xmalloc() aborts the process.

If malloc fails and returns 0, the shell will attempt to print an explanatory message. If that's not happening, the kernel is killing it.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
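Added example, not part of the thread and not bash project code: the reproducer's OUT=`${CMD} 2>&1` makes the shell hold the command's entire output in memory, which is how it reaches the data-segment limit described in the reply above. One way to bound such a capture is shown here; MAX_CAPTURE, capture_bounded, CAPTURED, CAPTURED_TRUNCATED and make_dots are hypothetical names, and the 1 MiB input is a constructed stand-in for data1g.

```shell
#!/bin/sh
# Added example: cap command output before it reaches a shell variable.
# All names below are hypothetical, not taken from the bug report.

MAX_CAPTURE=4096   # most bytes the script will hold in memory

# capture_bounded CMD [ARGS...]
# Runs CMD with stderr merged into stdout and keeps at most MAX_CAPTURE
# bytes in $CAPTURED. $CAPTURED_TRUNCATED is 1 when output was cut, else 0.
capture_bounded() {
    _cb_tmp=$(mktemp) || return 1
    # head reads one byte past the cap so truncation is detectable, then
    # exits; the producer sees a closed pipe instead of the shell
    # allocating memory for everything it writes.
    "$@" 2>&1 | head -c "$((MAX_CAPTURE + 1))" > "$_cb_tmp"
    _cb_size=$(( $(wc -c < "$_cb_tmp") ))
    if [ "$_cb_size" -gt "$MAX_CAPTURE" ]; then
        CAPTURED_TRUNCATED=1
    else
        CAPTURED_TRUNCATED=0
    fi
    CAPTURED=$(head -c "$MAX_CAPTURE" "$_cb_tmp")
    rm -f "$_cb_tmp"
    return 0
}

# Constructed stand-in for the report's data1g: 1 MiB of dots, not 1 GiB.
make_dots() {
    i=0
    while [ "$i" -lt 1024 ]; do
        printf '%1024s' '' | tr ' ' '.'
        i=$((i + 1))
    done
}

capture_bounded make_dots
echo "kept ${#CAPTURED} bytes, truncated=${CAPTURED_TRUNCATED}"
```

A script that needs the full output can stream it to a file or a pipeline instead of expanding it inside "${OUT}".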
Re: bash: remove the format string "%q" in the unicode3.sub
On 8/9/16 3:18 AM, dengke...@windriver.com wrote:

> Hi all
>
> When I run the tests for the bash, the sub-test unicode3.sub of intl.tests
> failed.
>
> The sub-test unicode3.sub contain the following:
>
> payload=$'\065\247\100\063\231\053\306\123\070\237\242\352\263'
> "$payload"
> printf %q "$payload"
>
> In this situation, the format string "%q" in command printf means that when
> the
> character in the payload is not in {alpha & digit & punctuation & ISO
> 646(7-bit)}, it
> would print the string with ANSI-C style quoted string: $'...' , we can
> check the source code

This has already been changed in the devel branch (back in May, 2015), and the test case and test output was changed at the same time.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
Re: bash: remove the format string "%q" in the unicode3.sub
Hi chet

Thanks for your help.

1. This file:

http://git.savannah.gnu.org/cgit/bash.git/tree/tests/unicode3.sub?h=devel&id=74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3

When executed to the 3 line:

    "$payload"

On my target the output was:

    unicode3.sub: line 3: 5�@3�+�S8: command not found

not the ANSI-C style quoted string like: $'...' in the changed compared file intl.right, the same for the 5 line.

http://git.savannah.gnu.org/cgit/bash.git/diff/tests/intl.right?h=devel&id=74b8cbb41398b4453d8ba04d0cdd1b25f9dcb9e3

2. The fix for printf %q "$payload" in intl.right is fine for me.

//dengke

On 2016-08-09 22:39, Chet Ramey wrote:

> On 8/9/16 3:18 AM, dengke...@windriver.com wrote:
>
>> Hi all
>>
>> When I run the tests for the bash, the sub-test unicode3.sub of intl.tests failed.
>>
>> The sub-test unicode3.sub contain the following:
>>
>> payload=$'\065\247\100\063\231\053\306\123\070\237\242\352\263'
>> "$payload"
>> printf %q "$payload"
>>
>> In this situation, the format string "%q" in command printf means that when the character in the payload is not in {alpha & digit & punctuation & ISO 646(7-bit)}, it would print the string with ANSI-C style quoted string: $'...' , we can check the source code
>
> This has already been changed in the devel branch (back in May, 2015), and the test case and test output was changed at the same time.