1035273 – [abrt] bash-4.2.45-1.fc19: __gconv_transform_utf8_internal: Process /usr/bin/bash was killed by signal 11 (SIGSEGV)

Bug 1035273 - [abrt] bash-4.2.45-1.fc19: __gconv_transform_utf8_internal: Process /usr/bin/bash was killed by signal 11 (SIGSEGV)

Summary: [abrt] bash-4.2.45-1.fc19: __gconv_transform_utf8_internal: Process /usr/bin/...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bash
Sub Component:
Version:	19
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Ondrej Oprala
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://retrace.fedoraproject.org/faf...
Whiteboard:	abrt_hash:b40700008007dd1456c6ebdf8f7...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-27 12:33 UTC by Valentin Bajrami
Modified:	2016-02-01 02:09 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-05-27 13:12:37 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (167.49 KB, text/plain) 2013-11-27 12:33 UTC, Valentin Bajrami	no flags	Details
File: cgroup (141 bytes, text/plain) 2013-11-27 12:33 UTC, Valentin Bajrami	no flags	Details
File: core_backtrace (366.45 KB, text/plain) 2013-11-27 12:33 UTC, Valentin Bajrami	no flags	Details
File: dso_list (666 bytes, text/plain) 2013-11-27 12:33 UTC, Valentin Bajrami	no flags	Details
File: environ (1.38 KB, text/plain) 2013-11-27 12:33 UTC, Valentin Bajrami	no flags	Details
File: exploitable (82 bytes, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
File: limits (1.29 KB, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
File: maps (2.98 KB, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
File: open_fds (105 bytes, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
File: proc_pid_status (931 bytes, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
File: var_log_messages (314 bytes, text/plain) 2013-11-27 12:34 UTC, Valentin Bajrami	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Valentin Bajrami 2013-11-27 12:33:33 UTC

Description of problem:
By entering:  function cd() { cd "$@" && pushd "$@"; }; cd /home/${USER}

Version-Release number of selected component:
bash-4.2.45-1.fc19

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        bash
crash_function: __gconv_transform_utf8_internal
executable:     /usr/bin/bash
kernel:         3.11.9-200.fc19.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 __gconv_transform_utf8_internal at ../iconv/skeleton.c:394
 #1 __mbrtowc at mbrtowc.c:85
 #2 mbrlen at /usr/include/wchar.h:402
 #3 string_extract_double_quoted at subst.c:823
 #4 expand_word_internal at subst.c:8267
 #5 shell_expand_word_list at subst.c:9245
 #6 expand_word_list_internal at subst.c:9362
 #7 expand_words at subst.c:8984
 #8 execute_simple_command at execute_cmd.c:3787
 #9 execute_command_internal at execute_cmd.c:747

Comment 1 Valentin Bajrami 2013-11-27 12:33:42 UTC

Created attachment 829688 [details]
File: backtrace

Comment 2 Valentin Bajrami 2013-11-27 12:33:45 UTC

Created attachment 829689 [details]
File: cgroup

Comment 3 Valentin Bajrami 2013-11-27 12:33:50 UTC

Created attachment 829690 [details]
File: core_backtrace

Comment 4 Valentin Bajrami 2013-11-27 12:33:56 UTC

Created attachment 829691 [details]
File: dso_list

Comment 5 Valentin Bajrami 2013-11-27 12:33:59 UTC

Created attachment 829692 [details]
File: environ

Comment 6 Valentin Bajrami 2013-11-27 12:34:02 UTC

Created attachment 829693 [details]
File: exploitable

Comment 7 Valentin Bajrami 2013-11-27 12:34:06 UTC

Created attachment 829694 [details]
File: limits

Comment 8 Valentin Bajrami 2013-11-27 12:34:09 UTC

Created attachment 829695 [details]
File: maps

Comment 9 Valentin Bajrami 2013-11-27 12:34:13 UTC

Created attachment 829696 [details]
File: open_fds

Comment 10 Valentin Bajrami 2013-11-27 12:34:16 UTC

Created attachment 829697 [details]
File: proc_pid_status

Comment 11 Valentin Bajrami 2013-11-27 12:34:19 UTC

Created attachment 829698 [details]
File: var_log_messages

Comment 12 Ondrej Oprala 2014-04-01 14:16:39 UTC

This is an ALMOST intended behaviour since the command "function foo () { ; }" is not posixly correct.

The correct form is either
"function foo { ; }"
OR
"foo () { ; }".

Both have slightly different behaviour,
but function foo () is so common that bash doesn't emit any warnings.
With the correct syntax, you would get:
"cd: maximum nested function level reached".

However, letting bash get SIGSEGV-ed, even with a non 100% posix-compliant shell script is a tiny bit extreme. What bash does exactly is smashing it's own stack by infinite recursion. I'll talk to upstream about this.

Thank you for the report.

Comment 13 Ondrej Oprala 2014-05-27 13:12:37 UTC

The offical upstream statement is that this works as intended. You can set the FUNCNEST environment variable to control the maximum recursion depth. However, stack size is still the hard limit, setting FUNCNEST doesn't ensure you'll be able to recurse as deeply as you'd like.

Note You need to log in before you can comment on or make changes to this bug.