Bug 518644

Summary: bash segfaults on unsetting array variable
Product: [Fedora] Fedora
Reporter: Jón Fairbairn <jon.fairbairn>
Component: bash
Assignee: Roman Rakus <rrakus>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: low
Version: 11
CC: rrakus, tsmetana, twaugh
Hardware: All   
OS: Linux   
Fixed In Version: 4.0-8.fc11
Doc Type: Bug Fix
Last Closed: 2009-08-27 22:54:12 UTC
Attachments: sample backtrace (flags: none)

Description Jón Fairbairn 2009-08-21 13:06:16 UTC
Created attachment 358238
sample backtrace

Description of problem:
It is possible to set an associative array in such a way that bash segfaults when it is unset.

Version-Release number of selected component (if applicable):
bash-4.0-7.fc11

How reproducible:
Completely

Steps to Reproduce:
1. start bash
2. enter these commands:

declare -A T
T='([a]=1)'
unset T

3. [note that the apostrophes are required]
  
Actual results:
segfault

Expected results:
Probably should be the same as if the apostrophes aren't there.

Additional info:
This is a minimal case derived from attempting to do something more sensible...

Comment 1 Roman Rakus 2009-08-25 10:54:37 UTC
T='([a]=1)' will save ([a]=1) at index 0. The problem here is that index 0 is stored as a string (char *), but memory is not allocated for it, and in unset this memory is freed. This causes the segfault.
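
The ownership mismatch described in Comment 1, as an added example that is not bash's code and not part of the original report: a slot that keeps the caller's pointer beside one that stores its own heap copy, so that unset can free unconditionally. The struct and all function names are hypothetical, and the sample value is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of one array element; not bash's real data structure. */
struct elem {
    char *value;              /* unset_elem() passes this to free() */
};

/* Flawed pattern: keep the caller's pointer, allocate nothing for it. */
static void set_borrowed(struct elem *e, char *s) { e->value = s; }

/* Corrected pattern: the element owns a private heap copy of the string. */
static int set_owned(struct elem *e, const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL) return -1;
    memcpy(copy, s, n);
    free(e->value);           /* safe: value is NULL or an earlier heap copy */
    e->value = copy;
    return 0;
}

/* Unset frees unconditionally, so every stored value must come from malloc. */
static void unset_elem(struct elem *e) { free(e->value); e->value = NULL; }

/* Returns 1 if the borrowed slot aliases caller memory that free() must never see. */
int borrowed_aliases_caller(void) {
    char buf[] = "([a]=1)";   /* constructed sample value, lives on the stack */
    struct elem e = { NULL };
    set_borrowed(&e, buf);
    int aliased = (e.value == buf);
    e.value = NULL;           /* drop it; unset_elem() here would be undefined behaviour */
    return aliased;
}

/* Returns 1 if the owned slot survives changes to the caller's buffer and unsets cleanly. */
int owned_is_independent(void) {
    char buf[] = "([a]=1)";
    struct elem e = { NULL };
    if (set_owned(&e, buf) != 0) return 0;
    buf[0] = 'X';             /* caller reuses its buffer after the assignment */
    int ok = (e.value != buf) && strcmp(e.value, "([a]=1)") == 0;
    unset_elem(&e);
    return ok && e.value == NULL;
}

int main(void) { return (borrowed_aliases_caller() && owned_is_independent()) ? 0 : 1; }
```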

Comment 2 Fedora Update System 2009-08-27 10:56:42 UTC
bash-4.0-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/bash-4.0-8.fc11

Comment 3 Fedora Update System 2009-08-27 22:54:08 UTC
bash-4.0-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.