Re: `verb=(--) declare -ax verb` causes an ENOTSOCK segfault

2023-06-16 Thread Lawrence Velázquez
On Fri, Jun 16, 2023, at 1:02 AM, Wiley Young wrote:
> Description:
> `verb=(--) declare -ax verb` causes bash to crash and closes the active
> terminal tab.

The value "(--)" does not seem to be necessary:

% /bin/bash -c 'foo= declare -ax foo'
zsh: segmentation fault  /bin/bash -c 'foo= declare -ax foo'

I am seeing this behavior with bash 3.2.57, so it appears to be
longstanding.

-- 
vq



Re: `verb=(--) declare -ax verb` causes an ENOTSOCK segfault

2023-06-16 Thread Greg Wooledge
On Fri, Jun 16, 2023 at 10:59:24AM -0400, Lawrence Velázquez wrote:
> % /bin/bash -c 'foo= declare -ax foo'
> zsh: segmentation fault  /bin/bash -c 'foo= declare -ax foo'
> 
> I am seeing this behavior with bash 3.2.57, so it appears to be
> longstanding.

I get a segfault/core dump in every version of bash starting from 2.05b,
which is the oldest I've got.

In case this helps, here's the backtrace from the core from bash 5.2:

(gdb) bt
#0  0x5582fea45845 in array_insert (a=0x558300ae61b0, i=i@entry=0, 
v=v@entry=0x558300ae6070 "") at array.c:574
#1  0x5582fea12d3a in bind_variable_internal (name=0x558300ae60f0 "foo", 
value=0x558300ae6130 "", table=table@entry=0x558300ac3cd0, 
hflags=hflags@entry=0, aflags=aflags@entry=544) at variables.c:3231
#2  0x5582fea13d2a in push_temp_var (data=0x558300ae7110)
at variables.c:4625
#3  0x5582fea3d093 in hash_flush (table=table@entry=0x558300ae7290, 
free_data=free_data@entry=0x5582fea13e90 )
at hashlib.c:395
#4  0x5582fea178e8 in dispose_temporary_env (
pushf=pushf@entry=0x5582fea13e90 ) at variables.c:4690
#5  0x5582fea1797a in dispose_used_env_vars () at variables.c:4710
#6  0x5582fea0afb9 in execute_command_internal (command=0x558300ae37d0, 
asynchronous=asynchronous@entry=0, pipe_in=pipe_in@entry=-1, 
pipe_out=pipe_out@entry=-1, fds_to_close=fds_to_close@entry=0x558300ae3a10)
at execute_cmd.c:872
#7  0x5582fea65c19 in parse_and_execute (string=, 
from_file=from_file@entry=0x5582feab50a7 "-c", flags=flags@entry=20)
at evalstring.c:536
#8  0x5582fe9f22a0 in run_one_command (
command=0x7ffd19e26aa0 "foo= declare -ax foo") at shell.c:1473
#9  0x5582fe9f0aab in main (argc=3, argv=0x7ffd19e26628, 
env=0x7ffd19e26648) at shell.c:763
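
Added example (not part of the thread and not code from the bash project): a small probe that runs the one-liner from the messages above against a given shell binary and reports whether it exited cleanly or was killed by a signal. The function name probe_declare_crash is made up for this illustration.

```shell
# probe_declare_crash is a hypothetical helper, not a bash or distro tool.
# Usage: probe_declare_crash /path/to/bash
# Prints "ok", "signal:<NAME>", "exit:<N>" or "not-executable".
probe_declare_crash() {
    local shell="$1" status=0
    if [ ! -x "$shell" ]; then
        echo "not-executable"
        return 2
    fi
    # Subshell: disable core files so a crash leaves nothing on disk, and keep
    # the "Segmentation fault" notice out of the caller's output. The explicit
    # "exit $?" stops the subshell from exec'ing the child directly.
    (
        ulimit -c 0
        "$shell" -c 'foo= declare -ax foo'
        exit $?
    ) >/dev/null 2>&1 || status=$?

    if [ "$status" -eq 0 ]; then
        echo "ok"
        return 0
    elif [ "$status" -gt 128 ]; then
        # 128+N is how the shell reports a child killed by signal N.
        echo "signal:$(kill -l "$((status - 128))")"
        return 1
    else
        echo "exit:$status"
        return 1
    fi
}

# Typical use: probe every bash on the host before and after an upgrade.
# for b in /bin/bash /usr/local/bin/bash; do
#     printf '%s: %s\n' "$b" "$(probe_declare_crash "$b")"
# done
```

A result of "exit:<N>" means the binary rejected the command without crashing, which is what a shell lacking `declare` would do.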



Re: 5.2 fails to treat a missing conditional expression as an error of syntax

2023-06-16 Thread Chet Ramey

On 6/15/23 8:57 PM, Kerin Millar wrote:

> As below.
>
> $ bash -c 'declare -p BASH_VERSION'
> declare -- BASH_VERSION="5.2.15(1)-release"
> $ bash -c '[[ ]]; echo fin'; echo $?
> 0


https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00103.html
describes the fix.

We had this same discussion back in February:

https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00156.html

where I answered in more detail:

https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00163.html

You participated.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: `jobs` shows output even when nothing has been started in the background

2023-06-16 Thread Chet Ramey

On 6/14/23 6:12 PM, Ajeet D'Souza wrote:

> Hey Chet,
>
> Thanks for the quick reply. I have some follow-up questions:
>
>   * Is there an elegant way I can start an external process without it
>     showing up under jobs, even on affected versions? My current best idea
>     is: (_="$(/bin/echo)"; jobs -l)

You can try to disown it.

>   * Is there an elegant way I can get the correct number of jobs, even on
>     affected versions? My current best idea is to run jobs once before doing
>     the count: (jobs &> /dev/null; jobs | wc -l)


You have to get the jobs you're not interested in removed from the jobs
table. That's as good a way as any if you don't know the job number or
if it's not the current job.


--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: `jobs` shows output even when nothing has been started in the background

2023-06-16 Thread Ajeet D'Souza
Hi,

Thanks for all the help! I created a PR with this workaround on the
Starship repository: https://github.com/starship/starship/pull/5253

Regards,
Ajeet

On Sat, Jun 17, 2023 at 12:00 AM Chet Ramey wrote:

> On 6/14/23 6:12 PM, Ajeet D'Souza wrote:
> > Hey Chet,
> >
> > Thanks for the quick reply. I have some follow-up questions:
> >
> >   * Is there an elegant way I can start an external process without it
> >     showing up under jobs, even on affected versions? My current best idea
> >     is: (_="$(/bin/echo)"; jobs -l)
>
> You can try to disown it.
>
> >   * Is there an elegant way I can get the correct number of jobs, even on
> >     affected versions? My current best idea is to run jobs once before doing
> >     the count: (jobs &> /dev/null; jobs | wc -l)
>
> You have to get the jobs you're not interested in removed from the jobs
> table. That's as good a way as any if you don't know the job number or
> if it's not the current job.
>
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>  ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/
>
>


bug-bash@gnu.org

2023-06-16 Thread Chet Ramey

On 6/10/23 7:31 PM, Grisha Levit wrote:

> The command printing code can fail to add a required semicolon when the
> last word in the command ends with `&'


Thanks for the report and patch.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




bug-bash@gnu.org

2023-06-16 Thread Chet Ramey

On 6/10/23 10:41 PM, Martin D Kealey wrote:

> On Sun, 11 Jun 2023, 09:31 Grisha Levit wrote:
>
> > The command printing code can fail to add a required semicolon when the
> > last word in the command ends with `&'
>
> This could be obviated by unconditionally outputting a newline instead of a
> semicolon.

There's some merit to this; the existing group command printing code
already prints group commands on multiple lines if within a shell function.

> I acknowledge that this style isn't to everyone's taste, but to me it feels
> more "natural" to the Shell, rather than pretending that one is writing in
> some other language; I detest style guides that insist on obscuring ";then"
> on the end of a long line.


Everyone has a preference.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: posix_spawn (or vfork) support?

2023-06-16 Thread Chet Ramey

On 6/15/23 8:32 PM, Sam James wrote:

> Hi,
>
> Sorry if this has come up before - I did take a look and couldn't find
> anything.
>
> Could bash use posix_spawn/vfork instead of the rather heavyweight
> fork?


I haven't looked at them. Bash does more work between fork and exec than
the posix_spawn implementations I've looked at can manage, so it's not a
real win. I've never looked at vfork because there are a lot of assumptions
baked into the code that the child has its own copies of variables and
other data.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: 5.2 fails to treat a missing conditional expression as an error of syntax

2023-06-16 Thread Kerin Millar
On Fri, 16 Jun 2023 14:25:54 -0400
Chet Ramey wrote:

> On 6/15/23 8:57 PM, Kerin Millar wrote:
> > As below.
> > 
> > $ bash -c 'declare -p BASH_VERSION'
> > declare -- BASH_VERSION="5.2.15(1)-release"
> > $ bash -c '[[ ]]; echo fin'; echo $?
> > 0
> 
> https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00103.html
> describes the fix.
> 
> We had this same discussion back in February:
> 
> https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00156.html

Thanks.

> 
> where I answered in more detail:
> 
> https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00163.html
> 
> You participated.

Good heavens. This entirely slipped my mind.

-- 
Kerin Millar



[PATCH] fix compgen -V leak

2023-06-16 Thread Grisha Levit
My earlier patch for adding compgen -V did the variable assignment in a
pretty silly way and had a small memory leak to boot. Hope this new way
makes sense, sorry for the extra work.
---
>From b6b13b89e1436ddd575483a81e79ef43d82a5c0c Mon Sep 17 00:00:00 2001
From: Grisha Levit 
Date: Sat, 3 Jun 2023 16:37:02 -0400
Subject: [PATCH] fixup compgen -V array handling

* builtins/complete.def
- compgen_builtin: skip the unnecessary WORD_LIST conversion, avoid
  small leak

* externs.h
- remove strlist_to_word_list which was only added for initial version
  of compgen -V support
---
 builtins/complete.def | 7 +--
 externs.h | 1 -
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/builtins/complete.def b/builtins/complete.def
index 890cf20d..bb03c6e9 100644
--- a/builtins/complete.def
+++ b/builtins/complete.def
@@ -678,7 +678,6 @@ compgen_builtin (WORD_LIST *list)
   int old_ind, old_completion, old_quoting, old_suppress;
   SHELL_VAR *var;
   char *varname;
-  WORD_LIST *alist;

   if (list == 0)
 return (EXECUTION_SUCCESS);
@@ -763,11 +762,7 @@ compgen_builtin (WORD_LIST *list)
   var = builtin_find_indexed_array (varname, 1);
   if (var && sl && sl->list && sl->list_len)
  {
-   alist = strlist_to_word_list (sl, 0, 0);
-   assign_array_var_from_word_list (var, alist, 0);
-   free (sl);
-   sl = (STRINGLIST *)NULL;
-   dispose_words (alist);
+   array_from_argv (array_cell(var), sl->list, sl->list_len);
rval = EXECUTION_SUCCESS;
  }
 }
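
Review bot: In the `if (var && sl && sl->list && sl->list_len)` branch, the removed lines freed `sl` and reset it to NULL, while the replacement leaves `sl` allocated and non-NULL, so "avoid small leak" holds only if the code after this block disposes of `sl` on both the success and the failure path; that cleanup is outside the hunk and should be confirmed. It is also worth confirming that array_from_argv copies the strings in `sl->list` rather than taking ownership of them, because a later disposal of `sl` would otherwise free memory the array still points to.
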
diff --git a/externs.h b/externs.h
index a1363d4d..fe5aa492 100644
--- a/externs.h
+++ b/externs.h
@@ -414,7 +414,6 @@ extern STRINGLIST *strlist_prefix_suffix (STRINGLIST *,
const char *, const char
 extern void strlist_print (STRINGLIST *, const char *);
 extern void strlist_walk (STRINGLIST *, sh_strlist_map_func_t *);
 extern void strlist_sort (STRINGLIST *);
-extern WORD_LIST *strlist_to_word_list (STRINGLIST *, int, int);

 /* declarations for functions defined in lib/sh/stringvec.c */
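
Review bot: Only the prototype is removed here, and the diffstat lists just builtins/complete.def and externs.h, so the definition of strlist_to_word_list stays in the tree as an unreferenced function with no declaration. If the intent is to "remove strlist_to_word_list" as the commit message says, the patch should delete the definition as well.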

-- 
2.41.0


[PATCH] uninitialized variable access

2023-06-16 Thread Grisha Levit
Some uninitialized variable access identified by clang's static analyzer.
(FWIW 90% of the reports were bogus but these seem legit)

* lib/readline/input.c
- rl_gather_tyi: the `result' variable is no longer initialized before
first access since commit d0bc56a32

* lib/readline/kill.c
- _rl_read_bracketed_paste_prefix: if there's no further input after the
initial \e of the bracketed paste prefix, an uninitialized value of `key'
can get used in the return value

* subst.c
- function_substitute: seems like the `tflag' assignment ended up in the
wrong place?

* builtins/read.def
- read_builtin: with `read -n0', the initialization of saw_escape is goto-d
over but that variable is later accessed

---
diff --git a/lib/readline/input.c b/lib/readline/input.c
index 229474ff..00605834 100644
--- a/lib/readline/input.c
+++ b/lib/readline/input.c
@@ -252,6 +252,7 @@ rl_gather_tyi (void)
   chars_avail = 0;
   input = 0;
   tty = fileno (rl_instream);
+  result = -1;

   /* Move this up here to give it first shot, but it can't set chars_avail
*/
   /* XXX - need rl_chars_available_hook? */
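
Review bot: The added `result = -1;` carries no comment, and the hunk does not show what the first read of `result` compares it against. A one-line comment saying what -1 stands for at this point would make the initialization harder to lose in the next reordering, which is how the message says it went missing in commit d0bc56a32.
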
diff --git a/lib/readline/kill.c b/lib/readline/kill.c
index 1dfe3c57..1f13e447 100644
--- a/lib/readline/kill.c
+++ b/lib/readline/kill.c
@@ -779,7 +779,7 @@ _rl_read_bracketed_paste_prefix (int c)
   pbpref = BRACK_PASTE_PREF; /* XXX - debugging */
   if (c != pbpref[0])
 return (0);
-  pbuf[ind = 0] = c;
+  pbuf[ind = 0] = key = c;
   while (ind < BRACK_PASTE_SLEN-1 &&
  (RL_ISSTATE (RL_STATE_INPUTPENDING|RL_STATE_MACROINPUT) == 0) &&
  _rl_pushed_input_available () == 0 &&
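
Review bot: On the changed line, `pbuf[ind = 0] = key = c;` now packs three assignments into one expression, one of them inside the subscript, which hides that `key` is receiving its fallback value for the case where the loop below never reads anything. Putting `key = c;` on its own line with a short comment would make that visible, and it is worth checking that `c` (the initial \e) is the value callers expect back in that case.
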
diff --git a/subst.c b/subst.c
index 08d9285e..e69e0e5b 100644
--- a/subst.c
+++ b/subst.c
@@ -7021,7 +7021,6 @@ function_substitute (char *string, int quoted, int
flags)
   /* We call anonclose as part of the outer nofork unwind-protects */
   BLOCK_SIGNAL (SIGINT, set, oset);
   lseek (afd, 0, SEEK_SET);
-  tflag = 0;
   istring = read_comsub (afd, quoted, flags, &tflag);
   UNBLOCK_SIGNAL (oset);
 }
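
Review bot: With `tflag = 0;` removed ahead of `read_comsub (afd, quoted, flags, &tflag)`, this branch now relies on read_comsub storing through its last argument on every return path, including early and error returns; if any path skips the store, the uninitialized read simply moves here. Unless that is guaranteed, a single `tflag = 0;` before the if/else (or at the declaration) covers both branches and is simpler than relocating the assignment into the else block.
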
@@ -7029,6 +7028,7 @@ function_substitute (char *string, int quoted, int
flags)
 {
   s = get_string_value ("REPLY");
   istring = s ? comsub_quote_string (s, quoted, flags) : savestring
("");
+  tflag = 0;
 }

   run_unwind_frame ("nofork comsub");  /* restores stdout, job control
stuff */

diff --git a/builtins/read.def b/builtins/read.def
index cb4e1e59..80d1241d 100644
--- a/builtins/read.def
+++ b/builtins/read.def
@@ -403,6 +403,9 @@ read_builtin (WORD_LIST *list)
   input_string = (char *)xmalloc (size = 112); /* XXX was 128 */
   input_string[0] = '\0';

+  pass_next = 0;   /* Non-zero signifies last char was backslash. */
+  saw_escape = 0;  /* Non-zero signifies that we saw an escape char */
+
   /* More input and options validation */
   if (nflag == 1 && nchars == 0)
 {
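
Review bot: Moving the `pass_next` and `saw_escape` initializations above the `nflag == 1 && nchars == 0` check closes the case described in the message, but nothing here shows whether other locals assigned between this point and the old location are also read after the jump. Auditing the remaining assignments the goto passes over, or initializing these variables at their declarations, would address the whole class rather than the two instances.
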
@@ -463,9 +466,6 @@ read_builtin (WORD_LIST *list)
 add_unwind_protect (xfree, rlbuf);
 #endif

-  pass_next = 0;   /* Non-zero signifies last char was backslash. */
-  saw_escape = 0;  /* Non-zero signifies that we saw an escape char */
-
   if (tmsec > 0 || tmusec > 0)
 {
   /* Turn off the timeout if stdin is a regular file (e.g. from


[PATCH] null pointer deref in bindpwd

2023-06-16 Thread Grisha Levit
Only triggered by doing something stupid:

bash -c 'declare -n OLDPWD=X[SHLVL=-1]; /; cd /'
bash: line 1: X[SHLVL=-1]: bad array subscript
Segmentation fault: 11

---
diff --git a/builtins/cd.def b/builtins/cd.def
index de123f8b..e3156463 100644
--- a/builtins/cd.def
+++ b/builtins/cd.def
@@ -158,10 +158,9 @@ bindpwd (int no_symlinks)
   pwdvar = get_string_value ("PWD");

   tvar = bind_variable ("OLDPWD", pwdvar, 0);
-  if (tvar && readonly_p (tvar))
+  if (tvar == 0 || readonly_p (tvar))
 r = EXECUTION_FAILURE;
-
-  if (old_anm == 0 && array_needs_making && exported_p (tvar))
+  else if (old_anm == 0 && array_needs_making && exported_p (tvar))
 {
   update_export_env_inplace ("OLDPWD=", 7, pwdvar);
   array_needs_making = 0;
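
Review bot: Turning the second test into `else if` fixes the `exported_p (tvar)` dereference when `tvar` is null, but it also changes behaviour for a non-null readonly OLDPWD: before, the `update_export_env_inplace ("OLDPWD=", 7, pwdvar)` block still ran after `r = EXECUTION_FAILURE`, and now it is skipped. That is probably the right outcome, but it is a second change the message does not mention, and any use of `tvar` below this hunk needs the same null check.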