Re: undo list free crash
On 2/28/23 5:17 PM, Grisha Levit wrote:

> After the changes in
> https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=9e3495c9,
> I sometimes get segfaults when performing a bunch of history
> navigations followed by ^C.

Thanks for the report and the reproducer. It looks like a pointer aliasing
problem.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/
global-buffer-overflow in parse.y
$ ./bash -c 'case x in x) if ((1)); then :; fi ;; esac'
parse.y:974:82: runtime error: index -1 out of bounds for type 'int[257]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior parse.y:974:82 in
=
==52960==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 4 at 0x000100cf26dc thread T0
    #0 0x1004b63c8 in yyparse parse.y:974

$ ./bash -c 'case x in x) if ((1)); then :; fi esac'
parse.y:979:82: runtime error: index -1 out of bounds for type 'int[257]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior parse.y:979:82 in
=
==52850==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 4 at 0x000100b0e6dc thread T0
    #0 0x1002d2808 in yyparse parse.y:979

both of these are like:

    | CASE WORD newline_list IN case_clause ESAC
        {
          $$ = make_case_command ($2, $5, word_lineno[word_top]);
          if (word_top >= 0) word_top--;
        }

and word_top == -1
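
The ordering problem in the rule quoted above (the array is indexed before word_top is tested), as an added example that is not bash's code or its fix. The names lineno_stack, stack_top, push_lineno, pop_lineno and replay_unbalanced are hypothetical, and the push/pop sequence is constructed; the report does not say which rule consumed the entry.

```c
#include <stdio.h>

#define STACK_SLOTS 257   /* same size as the int[257] in the sanitizer report */

/* Hypothetical stand-ins for the parser's word_lineno[] / word_top pair. */
static int lineno_stack[STACK_SLOTS];
static int stack_top = -1;   /* -1 means "empty", the state the report ends in */

/* Record the line number of an opening keyword. Returns 0, or -1 when full. */
int push_lineno(int line)
{
    if (stack_top >= STACK_SLOTS - 1)
        return -1;           /* refuse instead of writing past the last slot */
    lineno_stack[++stack_top] = line;
    return 0;
}

/* Checked read-and-pop: the emptiness test comes BEFORE the index is used.
 * The quoted action does the opposite: it reads word_lineno[word_top] and
 * only then tests word_top >= 0, so an empty stack is read at index -1. */
int pop_lineno(int fallback_line)
{
    if (stack_top < 0)
        return fallback_line;   /* unbalanced pop: use the caller's line */
    return lineno_stack[stack_top--];
}

/* Constructed sequence with one more pop than push, ending in the same
 * empty-stack state (top == -1) that the report describes. */
int replay_unbalanced(void)
{
    stack_top = -1;
    push_lineno(1);          /* opening keyword on line 1 */
    (void)pop_lineno(0);     /* an earlier action already took the entry */
    return pop_lineno(42);   /* closing action: stack is empty here */
}

int main(void)
{
    printf("line used for the command: %d\n", replay_unbalanced());
    return 0;
}
```
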