Crash on large brace expansion
Hi all,
Executing the following results in a fierce crash:
$ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
malloc(): unaligned fastbin chunk detected 2
Aborted (core dumped)
Backtrace:
#0 0x7f8999dd22a2 in raise () from /lib64/libc.so.6
#1 0x7f8999dbb8a4 in abort () from /lib64/libc.so.6
#2 0x7f8999e14a97 in __libc_message () from /lib64/libc.so.6
#3 0x7f8999e1c70c in malloc_printerr () from /lib64/libc.so.6
#4 0x7f8999e1ff6c in _int_malloc () from /lib64/libc.so.6
#5 0x7f8999e21177 in malloc () from /lib64/libc.so.6
#6 0x559e8c77e2ad in xmalloc (bytes=9) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/xmalloc.c:114
#7 array_concat (arr2=0x7f89847e0010, arr1=0x559e8c9415b0) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/braces.c:770
#8 array_concat (arr1=arr1@entry=0x559e8c9415b0,
arr2=arr2@entry=0x7f89847e0010) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/braces.c:732
#9 0x559e8c785243 in brace_expand (text=) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/braces.c:272
#10 0x559e8c779d2a in brace_expand_word_list (eflags=,
tlist=0x559e8c930ee0) at /usr/src/debug/bash-5.1.0-2.fc34.x86_64/subst.c:11516
#11 expand_word_list_internal (list=, eflags=31) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/subst.c:11988
#12 0x559e8c73e9bf in expand_words (list=0x559e8c93e9a0) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/subst.c:11350
#13 execute_simple_command (simple_command=, pipe_in=-1,
pipe_out=-1, async=0, fds_to_close=) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/execute_cmd.c:4389
#14 0x559e8c740408 in execute_command_internal (command=0x559e8c93d810,
asynchronous=, pipe_in=-1, pipe_out=-1,
fds_to_close=0x559e8c93ea20) at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/execute_cmd.c:857
#15 0x559e8c79ebdc in parse_and_execute (string=,
from_file=0x559e8c7fd270 "-c", flags=20) at builtins/evalstring.c:489
#16 0x559e8c7fc15c in run_one_command.isra.0 (command=0x7ffdd51d4a9b
"{0..255}.{0..255}.{0..255}.{0..255}") at
/usr/src/debug/bash-5.1.0-2.fc34.x86_64/shell.c:1450
#17 0x559e8c725040 in main (argc=3, argv=0x7ffdd51d3088,
env=0x7ffdd51d30a8) at /usr/src/debug/bash-5.1.0-2.fc34.x86_64/shell.c:751
This is bash 5.1 running on Fedora 34 (x86-64).
$ bash --version
GNU bash, version 5.1.0(1)-release (x86_64-redhat-linux-gnu)
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g
-grecord-gcc-switches -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
uname output: Linux nyaa 5.12.12-300.fc34.x86_64 #1 SMP Fri Jun 18 14:30:51
UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-redhat-linux-gnu
Bash Version: 5.1
Patch Level: 0
Release Status: release
Thanks in advance,
~~ Gabríel
Re: Crash on large brace expansion
Le 15/07/2021 à 16:36, Gabríel Arthúr Pétursson écrivait :
Hi all,
Executing the following results in a fierce crash:
$ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
Brace expression expands all the value in memory.
Here you are actually telling Bash to expand 256⁴ or 4294967296 42
Billion entries.
{0..255}.{0..255}.{0..255}.{0..255} expands all the IPv4 address space.
It cannot fit in any current home PC memory.
The crash is due to out of memory and is wholly expected.
Use index loops instead:
for ((a=0; a<=255; a++)); do
for ((b=0; b<=255; b++)); do
for ((c=0; c<=255; c++)); do
for ((d=0; d<=255; d++)); do
printf '%d.%d.%d.%d\n' "$a" "$b" "$c" "$d"
done
done
done
done
--
Léa Gris
Re: Crash on large brace expansion
On Thu, Jul 15, 2021 at 05:28:04PM +0200, Léa Gris wrote:
> Le 15/07/2021 à 16:36, Gabríel Arthúr Pétursson écrivait :
> > Hi all,
> >
> > Executing the following results in a fierce crash:
> >
> > $ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
>
> Brace expression expands all the value in memory.
>
> Here you are actually telling Bash to expand 256⁴ or 4294967296 42 Billion
> entries.
4.2 billion, but who's counting? :-)
Re: Crash on large brace expansion
On 7/15/21 10:36 AM, Gabríel Arthúr Pétursson wrote:
Hi all,
Executing the following results in a fierce crash:
$ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
malloc(): unaligned fastbin chunk detected 2
Aborted (core dumped)
If the Oom killer doesn't get you first.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRUc...@case.eduhttp://tiswww.cwru.edu/~chet/
Re: Crash on large brace expansion
Le 15/07/2021 à 21:23, Greg Wooledge écrivait :
On Thu, Jul 15, 2021 at 05:28:04PM +0200, Léa Gris wrote:
Le 15/07/2021 à 16:36, Gabríel Arthúr Pétursson écrivait :
Hi all,
Executing the following results in a fierce crash:
$ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
Brace expression expands all the value in memory.
Here you are actually telling Bash to expand 256⁴ or 4294967296 42 Billion
entries.
4.2 billion, but who's counting? :-)
Ah yes, my billions or off by ten folds.
Here is a single-loop version to absolve me of my arithmetical
overstatement:
a=0
while [ $a -lt 4294967296 ]; do
printf '%d.%d.%d.%d\n' \
$((a >> 24)) $((a >> 16 & 255)) $((a >> 8 & 255)) $((a & 255))
a=$((a + 1))
done
--
Léa Gris
Re: Crash on large brace expansion
Gabríel Arthúr Pétursson writes:
> Executing the following results in a fierce crash:
>
>$ bash -c '{0..255}.{0..255}.{0..255}.{0..255}'
>malloc(): unaligned fastbin chunk detected 2
>Aborted (core dumped)
As others have noted, you are attempting to construct 2^32 words. Now
it's probable that you could run it on a computer with enough RAM to do
the job. (I work with ones that have 128 GiB.) But the indexes
involved are large enough that they are likely overflowing various
32-bit counters/pointers. So bash dies on an internal error in
malloc().
Dale
