Bug 1148661

Summary: [abrt] bash: strlen(): bash killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Eric Blake <eblake>
Component: bashAssignee: Ondrej Oprala <ooprala>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: admiller, eblake, ooprala, ovasik
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/dc9ad286af24d1b5ce3449ebe38424636a2d57b2
Whiteboard: abrt_hash:c11055e6805e815490ea573557a24ab4204cba16
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-02 04:28:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Eric Blake 2014-10-02 04:23:34 UTC 
Description of problem:
Testing CVE-2014-6278, per http://lcamtuf.blogspot.de/2014/10/bash-bug-how-we-finally-cracked.html

Version-Release number of selected component:
bash-4.2.48-2.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        bash -c 'x () { y() { :; }; y() { :; } <<a; }'
crash_function: strlen
executable:     /usr/bin/bash
kernel:         3.16.2-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            14986

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 strlen at ../sysdeps/x86_64/strlen.S:106
 #1 copy_redirect at copy_cmd.c:129
 #2 copy_redirects at copy_cmd.c:164
 #3 copy_command at copy_cmd.c:371
 #4 copy_function_def_contents at copy_cmd.c:335
 #5 bind_function_def at variables.c:2484
 #6 make_function_def at make_cmd.c:798
 #7 yyparse at ./parse.y:904
 #8 parse_command at eval.c:229
 #9 parse_and_execute at evalstring.c:252
Comment 1 Eric Blake 2014-10-02 04:23:36 UTC 
Created attachment 943258 [details]
File: backtrace
Comment 2 Eric Blake 2014-10-02 04:23:36 UTC 
Created attachment 943259 [details]
File: cgroup
Comment 3 Eric Blake 2014-10-02 04:23:37 UTC 
Created attachment 943260 [details]
File: core_backtrace
Comment 4 Eric Blake 2014-10-02 04:23:38 UTC 
Created attachment 943261 [details]
File: dso_list
Comment 5 Eric Blake 2014-10-02 04:23:39 UTC 
Created attachment 943262 [details]
File: environ
Comment 6 Eric Blake 2014-10-02 04:23:40 UTC 
Created attachment 943263 [details]
File: exploitable
Comment 7 Eric Blake 2014-10-02 04:23:41 UTC 
Created attachment 943264 [details]
File: limits
Comment 8 Eric Blake 2014-10-02 04:23:41 UTC 
Created attachment 943265 [details]
File: maps
Comment 9 Eric Blake 2014-10-02 04:23:42 UTC 
Created attachment 943266 [details]
File: open_fds
Comment 10 Eric Blake 2014-10-02 04:23:43 UTC 
Created attachment 943267 [details]
File: proc_pid_status
Comment 11 Eric Blake 2014-10-02 04:23:44 UTC 
Created attachment 943268 [details]
File: var_log_messages
Comment 12 Eric Blake 2014-10-02 04:28:55 UTC 

*** This bug has been marked as a duplicate of bug 1147414 ***