Re: popd controlled free (Segmentation fault) with bash 4.2.47, 4.3.48, and 4.4.5
On 11/26/16 12:51 AM, Mike Frysinger wrote:
> On 21 Nov 2016 10:13, Chet Ramey wrote:
>> On 11/21/16 6:47 AM, wer...@suse.de wrote:
>>> Bash Version: 4.2.47, 4.3.48, 4.4.5
>>> Release Status: release
>>> OpenSUSE bug: 1010845
>>> CVE: 2016-9401
>>>
>>> Description:
>>> popd controlled free (Segmentation fault) in all bash versions here
>>> around
>>
>> This has been fixed for a couple of weeks in the devel branch.
>
> can you cut a patch ?
Sure. It's not a security problem; it just seg faults.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
*** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.0 -0500
--- builtins/pushd.def 2016-10-28 10:46:49.0 -0400
***
*** 366,370
}
! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
--- 366,370
}
! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
***
*** 388,391
--- 388,396
of the list into place. */
i = (direction == '+') ? directory_list_offset - which : which;
+ if (i < 0 || i > directory_list_offset)
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+ return (EXECUTION_FAILURE);
+ }
free (pushd_directory_list[i]);
directory_list_offset--;
signature.asc
Description: OpenPGP digital signature
Parameter expansion isn't performed first if it's in a parameter expansion
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash'
-DSHELL -DHAVE_CONFIG_H -I. -I../. -I.././include -I.././lib
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong
-Wformat -Werror=format-security -Wall -no-pie
uname output: Linux ubuntu 4.8.10 #1 SMP PREEMPT Mon Nov 21 22:50:58
CST 2016 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu
Bash Version: 4.4
Patch Level: 5
Release Status: release
Description:
The manpage said that brace expansion is performed before any other
expansions. But I found it's not if it's in a parameter expansion.
Repeat-By:
$ unset a
$ echo ${a:{1..2}}
}
$ echo ${a:{1..2}
$ a=1234
$ echo ${a:{1..2}}
bash: a: {1..2: syntax error: operand expected (error token is "{1..2")
$ echo ${a:{1..2}
bash: a: {1..2: syntax error: operand expected (error token is "{1..2")
$ echo ${a:={1..2}}
1234}
Re: Parameter expansion isn't performed first if it's in a parameter expansion
On 11/26/16 8:52 AM, xuzhen wrote: > Bash Version: 4.4 > Patch Level: 5 > Release Status: release > > Description: > The manpage said that brace expansion is performed before any other > expansions. But I found it's not if it's in a parameter expansion. You're right. Bash doesn't perform brace expansion inside a parameter expansion. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
correct error message?
I was checking to see if an associative array had a member:
echo $BASH_VERSION
4.4.5(1)-release
declare -A requires=([squid]="-d /var/cache/squid/run")
This works as expected:
if [[ ${requires[xxx]:-} ]]; then echo ok; else echo not; fi
not
But this didn't (misspelling of hash name):
if [[ ${requirs[xxx]:-} ]]; then echo ok; else echo not; fi
bash: xxx: unbound variable
Shouldn't it have said:
bash: requirs: unbound variable?
