Re: Heap-buffer-overflow in read_token_word() when read element with -1

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heap-buffer-overflow in read_token_word() when read element with -1

From:	Grisha Levit
Subject:	Re: Heap-buffer-overflow in read_token_word() when read element with -1 index
Date:	Wed, 23 Apr 2025 13:37:50 -0400

On Wed, Apr 23, 2025, 11:40 Chet Ramey <chet.ramey@case.edu> wrote:
>
> On 4/23/25 11:30 AM, Александр Ушаков wrote:
>
> > I encountered an issue in Bash and would like to report it. buggyfile.txt 
> > is attached to the email.
> >
> > Steps to reproduce
> >
> > $ CC=clang-19 CFLAGS="-fsanitize=address -g -O0" ./configure 
> > --without-bash-malloc
> > $ make
> > $ cat crash1.txt | ./bash --norc --noediting -i
>
> I get no asan errors when running that file against the current bash devel
> branch and bash-5.3-rc1.

I think the attachment has incorrect line endings, here's what I believe is a
simplified reproducer:

    bash --norc -in -o posix <<< $':\n"\n"$(!!'

[Prev in Thread]

Current Thread

[Next in Thread]

Heap-buffer-overflow in read_token_word() when read element with -1 index, Александр Ушаков, 2025/04/23
- Re: Heap-buffer-overflow in read_token_word() when read element with -1 index, Chet Ramey, 2025/04/23
  - Re: Heap-buffer-overflow in read_token_word() when read element with -1 index, Grisha Levit <=
    - Re: Heap-buffer-overflow in read_token_word() when read element with -1 index, Chet Ramey, 2025/04/23
- Re: Heap-buffer-overflow in read_token_word() when read element with -1 index, Martin D Kealey, 2025/04/27

Prev by Date: Re: Heap-buffer-overflow in read_token_word() when read element with -1 index
Next by Date: Re: Heap-buffer-overflow in read_token_word() when read element with -1 index
Previous by thread: Re: Heap-buffer-overflow in read_token_word() when read element with -1 index
Next by thread: Re: Heap-buffer-overflow in read_token_word() when read element with -1 index
Index(es):
- Date
- Thread