Bug 1259036 - bash double free or corruption (out)
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: bash
Version: 24
Hardware: All
OS: Linux
Priority: medium
Severity: low
Assigned To: Siteshwar Vashisht
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2015-09-01 15:53 EDT by Dusty Mabe
Modified: 2017-02-12 04:58 EST

Doc Type: Bug Fix
Last Closed: 2017-02-12 04:58:48 EST
Type: Bug

Attachments
ABRT Dump after sending SIGABRT (534.13 KB, application/x-gzip)
2015-09-01 15:55 EDT, Dusty Mabe

Description Dusty Mabe 2015-09-01 15:53:35 EDT
Description of problem:

I was able to get my terminal to spit out a double free or corruption message. This is the last text from the screen:

<<<<<<<<<<<<
[dustymabe@media f22pandoc]$ ##systemctl start etcd.service kube-apiserver.service kube-controller-manager.service kubelet kube-proxy kube-scheduler 
*** Error in `bash': double free or corruption (out): 0x000055fa1df1f7d0 ***
>>>>>>>>>>>>

I'm not sure how I got this to happen but I do know I had recently hit the "home" key and added a new '#' to the beginning of the line. You can see two '#' characters on the line above.


I was able to attach to the process with gdb and I got this out:

<<<<<<<<<<<<
(gdb) bt
#0  0x00007f3de120ff90 in __read_nocancel () at ../sysdeps/unix/syscall-template.S:81
#1  0x000055788154ca05 in read (__nbytes=1, __buf=0x7fff62c7d2d7, __fd=<optimized out>)
    at /usr/include/bits/unistd.h:44
#2  rl_getc (stream=0x7f3de14d78e0 <_IO_2_1_stdin_>) at input.c:488
#3  0x000055788154d262 in rl_read_key () at input.c:462
#4  0x000055788154d2d5 in rl_read_key () at input.c:469
#5  0x0000557881537808 in readline_internal_char () at readline.c:611
#6  0x0000557881537f25 in readline_internal_charloop () at readline.c:676
#7  readline_internal () at readline.c:690
#8  e (prompt=<optimized out>) at readline.c:416
#9  0x00005578814c38e7 in yy_readline_get () at ./parse.y:1455
#10 0x00005578814c5a39 in yy_getc () at ./parse.y:1389
#11 shell_getc (remove_quoted_newline=1) at ./parse.y:2290
#12 0x00005578814c86f8 in read_token (command=0) at ./parse.y:3042
#13 0x00005578814cbcc9 in yylex () at ./parse.y:2644
#14 yyparse () at y.tab.c:1835
#15 0x00005578814c31cf in parse_command () at eval.c:239
#16 0x00005578814c3298 in read_command () at eval.c:283
#17 0x00005578814c347b in reader_loop () at eval.c:146
#18 0x00005578814c1f62 in main (argc=1, argv=0x7fff62c7e5c8, env=0x7fff62c7e5d8) at shell.c:766
>>>>>>>>>>>>


Version-Release number of selected component (if applicable):
[dustymabe@media ~]$ rpm -q bash && uname -r
bash-4.3.39-6.fc22.x86_64
4.1.5-200.fc22.x86_64
Comment 1 Dusty Mabe 2015-09-01 15:55:30 EDT
Created attachment 1069126
ABRT Dump after sending SIGABRT
Comment 3 Fedora End Of Life 2016-07-19 13:45:25 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 4 David Kaspar [Dee'Kej] 2016-07-20 06:21:48 EDT
I'm reopening this BZ, because this is something we should look into at some point. At least see if we can actually reproduce this or not.

Reason: Because of ownership transfer of bash that has happened this year, there was no time to look into all BZs properly...
Comment 5 Siteshwar Vashisht 2017-02-12 04:58:48 EST
This bug lacks a reproducer. Also, I have rebased bash to version 4.4 in rawhide, which might have already fixed it. Please reopen if this is still reproducible with bash-4.4.
