Bug 518644 - bash segfaults on unsetting array variable
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bash
Version: 11
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Roman Rakus
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-08-21 13:06 UTC by Jón Fairbairn
Modified: 2014-01-13 00:09 UTC (History)

Fixed In Version: 4.0-8.fc11
Doc Type: Bug Fix
Last Closed: 2009-08-27 22:54:12 UTC
Type: ---


Attachments
sample backtrace (2.38 KB, text/plain)
2009-08-21 13:06 UTC, Jón Fairbairn

Description Jón Fairbairn 2009-08-21 13:06:16 UTC
Created attachment 358238
sample backtrace

Description of problem:
It is possible to set an associative array in such a way that bash segfaults when it is unset.

Version-Release number of selected component (if applicable):
bash-4.0-7.fc11

How reproducible:
Completely

Steps to Reproduce:
1. start bash
2. enter these commands:

declare -A T
T='([a]=1)'
unset T

3. [note that the apostrophes are required]
  
Actual results:
segfault

Expected results:
Probably should be the same as if the apostrophes aren't there.

Additional info:
This is a minimal case derived from attempting to do something more sensible...

Comment 1 Roman Rakus 2009-08-25 10:54:37 UTC
T='([a]=1)' will save ([a]=1) at index 0. The problem here is that index 0 is stored as a string (char *), but memory is not allocated for it, and in unset this memory is freed. This causes the segfault.

Comment 2 Fedora Update System 2009-08-27 10:56:42 UTC
bash-4.0-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/bash-4.0-8.fc11

Comment 3 Fedora Update System 2009-08-27 22:54:08 UTC
bash-4.0-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
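
A regression check built from the reproduction steps in the description, added here as an example and not part of the bug report or the bash package; the function names `classify_status` and `check_bash_unset` are hypothetical. It runs the three commands in a child bash so a crash cannot take down the calling shell, then decodes the exit status (death by SIGSEGV is reported as 139).

```shell
#!/bin/sh
# Added example: regression check for the reproducer in this report.
# Function names are hypothetical; nothing here comes from the bash package.

# Map a child exit status to a verdict. Shells report "killed by signal N"
# as 128+N, so SIGSEGV (signal 11) appears as status 139.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        echo "crashed:signal-$((status - 128))"
    else
        echo "error:exit-$status"
    fi
}

# Run the three commands from the report in a throwaway child process.
# $1 optionally names the bash binary to test (default: bash on PATH).
check_bash_unset() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "skipped:no-bash"
        return 0
    fi
    # Associative arrays need bash >= 4; older builds cannot reach this path.
    major=$("$bash_bin" -c 'echo "${BASH_VERSINFO[0]}"' 2>/dev/null) || major=0
    if [ "${major:-0}" -lt 4 ]; then
        echo "skipped:no-assoc-arrays"
        return 0
    fi
    rc=0
    # The quoted right-hand side is what makes this a scalar assignment
    # to index 0 rather than a compound array assignment.
    "$bash_bin" -c "declare -A T; T='([a]=1)'; unset T" >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

echo "bash: $(check_bash_unset)"
```

Pass a path as the first argument to test a specific binary, for example a freshly built package before it is installed.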

