Bug 681462

Summary: bash -c 'TZ=UTC0 :' causes segfault
Product: [Fedora] Fedora Reporter: Jim Meyering <meyering>
Component: bashAssignee: Roman Rakus <rrakus>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: rawhideCC: maxamillion, rrakus, tsmetana
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-02 14:32:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
don't dereference NULL none

Description Jim Meyering 2011-03-02 09:36:51 UTC 
Description of problem: 
bash -c 'TZ=UTC0 :' causes segfault

The RHS can be any value, not just UTC0.

Version-Release number of selected component (if applicable): x86_64 0:4.2.5-1.fc15


How reproducible: always


Steps to Reproduce:
1. bash -c 'TZ=x :'
2.
3.
  
Actual results: 

$ bash -c 'TZ=x :'
zsh: segmentation fault  bash -c 'TZ=UTC0 :'

Expected results:

no segfault

Additional info:

This bug was introduced with patch bash42-005:
This function must accommodate v == NULL, since exported_p dereferences its argument.  Patch attached.

+ int
+ chkexport (name)
+      char *name;
+ {
+   SHELL_VAR *v;
+ 
+   v = find_variable (name);
+   if (exported_p (v))
+     {
+       array_needs_making = 1;
+       maybe_make_export_env ();
+       return 1;
+     }
+   return 0;
+ }
Comment 1 Jim Meyering 2011-03-02 09:37:42 UTC 
Created attachment 481820 [details]
don't dereference NULL
Comment 2 Roman Rakus 2011-03-02 14:14:25 UTC 
Thanks for the report. There is official upstream patch. I will apply the patch now.
Comment 3 Roman Rakus 2011-03-02 14:32:24 UTC 
Fixed in bash-4.2.6-1.fc16
Comment 4 Roman Rakus 2011-03-07 16:06:52 UTC 
*** Bug 681460 has been marked as a duplicate of this bug. ***
Comment 5 Roman Rakus 2011-03-07 16:07:20 UTC 
*** Bug 681461 has been marked as a duplicate of this bug. ***