Bug 518644 - bash segfaults on unsetting array variable
Summary: bash segfaults on unsetting array variable
Alias: None
Product: Fedora
Classification: Fedora
Component: bash
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Roman Rakus
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2009-08-21 13:06 UTC by Jón Fairbairn
Modified: 2014-01-13 00:09 UTC (History)
3 users (show)

Fixed In Version: 4.0-8.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-08-27 22:54:12 UTC
Type: ---

Attachments (Terms of Use)
sample backtrace (2.38 KB, text/plain)
2009-08-21 13:06 UTC, Jón Fairbairn
no flags Details

Description Jón Fairbairn 2009-08-21 13:06:16 UTC
Created attachment 358238 [details]
sample backtrace

Description of problem:
It is possible to set an associative array in such a way that bash segfaults when it is unset.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. start bash
2. enter these commands:

declare -A T
unset T

3. [note that the apostrophes are required]
Actual results:

Expected results:
Probably should be the same as if the apostrophes aren't there.

Additional info:
This is a minimal case derived from attempting to do something more sensible...

Comment 1 Roman Rakus 2009-08-25 10:54:37 UTC
T='([a]=1)' will save ([a]=1) at index 0. The problem here is, that index 0 is stored as string (char *) but is not allocated memory for it an in unset this memory is freed. This causes segfault.

Comment 2 Fedora Update System 2009-08-27 10:56:42 UTC
bash-4.0-8.fc11 has been submitted as an update for Fedora 11.

Comment 3 Fedora Update System 2009-08-27 22:54:08 UTC
bash-4.0-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.