[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bash parser segmentation fault
From: |
Eduardo Bustamante |
Subject: |
Bash parser segmentation fault |
Date: |
Wed, 3 May 2017 09:40:57 -0500 |
dualbus@debian:~/src/gnu/bash$ cat -v ~/segfault
0 i[$($(0(){a[$(($(0)))}>))
dualbus@debian:~/src/gnu/bash$ xxd ~/segfault
00000000: 3020 695b 2428 2428 3028 297b 615b 2428 0 i[$($(0(){a[$(
00000010: 2824 2830 2929 297d 3e29 29 ($(0)))}>))
dualbus@debian:~/src/gnu/bash$ ./bash -n ~/segfault
ASAN:DEADLYSIGNAL
=================================================================
==7547==ERROR: AddressSanitizer: SEGV on unknown address
0x000000000000 (pc 0x7ffa6e73f504 bp 0x7ffe0950b220 sp 0x7ffe0950a9a8
T0)
#0 0x7ffa6e73f503 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80503)
#1 0x7ffa6eec6eec (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
#2 0x56448beffd70 in error_token_from_token parse.y:6009
#3 0x56448bf004bc in report_syntax_error parse.y:6109
#4 0x56448beffc59 in yyerror parse.y:5985
#5 0x56448beebe2b in yyparse /home/dualbus/src/gnu/bash/y.tab.c:3401
#6 0x56448bee3db2 in parse_command /home/dualbus/src/gnu/bash/eval.c:294
#7 0x56448bffef1e in parse_string
/home/dualbus/src/gnu/bash/builtins/evalstring.c:563
#8 0x56448bef7695 in xparse_dolparen parse.y:4298
#9 0x56448bf61d02 in extract_command_subst
/home/dualbus/src/gnu/bash/subst.c:1239
#10 0x56448bf62d72 in extract_delimited_string
/home/dualbus/src/gnu/bash/subst.c:1383
#11 0x56448bf658ff in skip_matched_pair
/home/dualbus/src/gnu/bash/subst.c:1793
#12 0x56448bf65cfe in skipsubscript /home/dualbus/src/gnu/bash/subst.c:1818
#13 0x56448bf03be1 in assignment /home/dualbus/src/gnu/bash/general.c:382
#14 0x56448befc714 in read_token_word parse.y:5181
#15 0x56448bef222a in read_token parse.y:3330
#16 0x56448beefea3 in yylex parse.y:2675
#17 0x56448bee4be1 in yyparse /home/dualbus/src/gnu/bash/y.tab.c:1827
#18 0x56448bee3db2 in parse_command /home/dualbus/src/gnu/bash/eval.c:294
#19 0x56448bee4007 in read_command /home/dualbus/src/gnu/bash/eval.c:338
#20 0x56448bee3243 in reader_loop /home/dualbus/src/gnu/bash/eval.c:140
#21 0x56448bede9ed in main /home/dualbus/src/gnu/bash/shell.c:794
#22 0x7ffa6e6df2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#23 0x56448bedd5e9 in _start (/home/dualbus/src/gnu/bash/bash+0x7f5e9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
(/lib/x86_64-linux-gnu/libc.so.6+0x80503) in strlen
==7547==ABORTING
(gdb) r -n ~/segfault
Starting program: /home/dualbus/src/gnu/bash/bash -n ~/segfault
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:137
137 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:137
#1 0x0000555555592450 in error_token_from_token (tok=281) at ./parse.y:6009
#2 0x00005555555927d5 in report_syntax_error (message=0x0) at ./parse.y:6109
#3 0x0000555555592379 in yyerror (msg=0x5555556589da "syntax error")
at ./parse.y:5985
#4 0x0000555555588151 in yyparse () at y.tab.c:3401
#5 0x0000555555584c74 in parse_command () at eval.c:294
#6 0x00005555555fe53a in parse_string (string=0x5555558b5f46
"0(){a[$(($(0)))}>))",
from_file=0x555555658f43 "command substitution", flags=77,
endp=0x7fffffffcf58) at evalstring.c:563
#7 0x000055555558dd91 in xparse_dolparen (base=0x5555558b5f40
"i[$($(0(){a[$(($(0)))}>))",
string=0x5555558b5f46 "0(){a[$(($(0)))}>))", indp=0x7fffffffd150,
flags=73) at ./parse.y:4298
#8 0x00005555555bbfe7 in extract_command_subst (string=0x5555558b5f40
"i[$($(0(){a[$(($(0)))}>))", sindex=0x7fffffffd150, xflags=73)
at subst.c:1239
#9 0x00005555555bc713 in extract_delimited_string
(string=0x5555558b5f40 "i[$($(0(){a[$(($(0)))}>))",
sindex=0x7fffffffd214,
opener=0x55555565ba0f "$(", alt_opener=0x55555565ba0d "(",
closer=0x55555565ba0b ")", flags=9) at subst.c:1383
#10 0x00005555555bdaa7 in skip_matched_pair (string=0x5555558b5f40
"i[$($(0(){a[$(($(0)))}>))", start=1, open=91, close=93, flags=0)
at subst.c:1793
#11 0x00005555555bdc5d in skipsubscript (string=0x5555558b5f40
"i[$($(0(){a[$(($(0)))}>))", start=1, flags=0) at subst.c:1818
#12 0x0000555555593d5a in assignment (string=0x5555558b5f40
"i[$($(0(){a[$(($(0)))}>))", flags=0) at general.c:382
#13 0x0000555555590939 in read_token_word (character=10) at ./parse.y:5181
#14 0x000055555558b1b4 in read_token (command=0) at ./parse.y:3330
#15 0x0000555555589eca in yylex () at ./parse.y:2675
#16 0x000055555558532a in yyparse () at y.tab.c:1827
#17 0x0000555555584c74 in parse_command () at eval.c:294
#18 0x0000555555584d5a in read_command () at eval.c:338
#19 0x00005555555848cb in reader_loop () at eval.c:140
#20 0x0000555555582617 in main (argc=3, argv=0x7fffffffe478,
env=0x7fffffffe498) at shell.c:794
- Bash parser segmentation fault,
Eduardo Bustamante <=