Bug 681462 - bash -c 'TZ=UTC0 :' causes segfault
Summary: bash -c 'TZ=UTC0 :' causes segfault
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bash
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Roman Rakus
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 681460 681461 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-02 09:36 UTC by Jim Meyering
Modified: 2014-01-13 00:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-02 14:32:24 UTC
Type: ---


Attachments (Terms of Use)
don't dereference NULL (337 bytes, patch)
2011-03-02 09:37 UTC, Jim Meyering
no flags Details | Diff

Description Jim Meyering 2011-03-02 09:36:51 UTC
Description of problem: 
bash -c 'TZ=UTC0 :' causes segfault

The RHS can be any value, not just UTC0.

Version-Release number of selected component (if applicable): x86_64 0:4.2.5-1.fc15


How reproducible: always


Steps to Reproduce:
1. bash -c 'TZ=x :'
2.
3.
  
Actual results: 

$ bash -c 'TZ=x :'
zsh: segmentation fault  bash -c 'TZ=UTC0 :'

Expected results:

no segfault

Additional info:

This bug was introduced with patch bash42-005:
This function must accommodate v == NULL, since exported_p dereferences its argument.  Patch attached.

+ int
+ chkexport (name)
+      char *name;
+ {
+   SHELL_VAR *v;
+ 
+   v = find_variable (name);
+   if (exported_p (v))
+     {
+       array_needs_making = 1;
+       maybe_make_export_env ();
+       return 1;
+     }
+   return 0;
+ }

Comment 1 Jim Meyering 2011-03-02 09:37:42 UTC
Created attachment 481820 [details]
don't dereference NULL

Comment 2 Roman Rakus 2011-03-02 14:14:25 UTC
Thanks for the report. There is official upstream patch. I will apply the patch now.

Comment 3 Roman Rakus 2011-03-02 14:32:24 UTC
Fixed in bash-4.2.6-1.fc16

Comment 4 Roman Rakus 2011-03-07 16:06:52 UTC
*** Bug 681460 has been marked as a duplicate of this bug. ***

Comment 5 Roman Rakus 2011-03-07 16:07:20 UTC
*** Bug 681461 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.