Bug 126399
| Summary: | bash segfaults on substitution in multibyte environments | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mirko Streckenbach <strecken> | ||||
| Component: | bash | Assignee: | Tim Waugh <twaugh> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 2 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 2.05b-42 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2004-06-28 16:48:49 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 101287 [details]
proposed fix for the bug
Easy to reproduce:
XS=$(perl -e 'print "x" x 400')
echo ${XS##x}
Thanks for the fix.
Fixed package is bash-2.05b-42. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510 Description of problem: bash produces a segmentation fault in a shell script on a line like x=${var##foobar} if var is longer than 256 characters. Version-Release number of selected component (if applicable): bash-2.05b-38 How reproducible: Always Steps to Reproduce: 1. run a shell script using variable substituion on long variables 2. 3. Actual Results: SIGSEGV Expected Results: no crash. Additional info: This may be hard to reproduce, however the attached patch should make the mistake obvious to any programmer. diff -u -r bash-2.05b-orig/subst.c bash-2.05b/subst.c --- bash-2.05b-orig/subst.c 2004-06-21 10:33:28.065341000 +0200 +++ bash-2.05b/subst.c 2004-06-21 10:33:54.882704680 +0200 @@ -2830,7 +2830,7 @@ { int i, offset; char *p; - unsigned char last; + int last; case RP_LONG_LEFT: case RP_SHORT_RIGHT: