Bash parser segmentation fault with arithmetic for loop

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bash parser segmentation fault with arithmetic for loop

From:	Eduardo Bustamante
Subject:	Bash parser segmentation fault with arithmetic for loop
Date:	Wed, 3 May 2017 23:19:39 -0500

(gdb) r -nvc 'for ((;)) do :; done&'
Starting program: /home/dualbus/src/gnu/bash/bash -nvc 'for ((;)) do :; done&'
for ((;)) do :; done&
/home/dualbus/src/gnu/bash/bash: -c: line 0: syntax error: arithmetic
expression required
/home/dualbus/src/gnu/bash/bash: -c: line 0: syntax error: `((;))'

Program received signal SIGSEGV, Segmentation fault.
0x0000555555587a1c in yyparse () at ./parse.y:1151
1151                              if ($1->type == cm_connection)
(gdb) bt
#0  0x0000555555587a1c in yyparse () at ./parse.y:1151
#1  0x0000555555584c74 in parse_command () at eval.c:294
#2  0x00005555555fdfb9 in parse_and_execute (string=0x5555558a9340
"for ((;)) do :; done&", from_file=0x555555656b50 "-c", flags=4)
    at evalstring.c:346
#3  0x000055555558332f in run_one_command (command=0x7fffffffe724 "for
((;)) do :; done&") at shell.c:1405
#4  0x00005555555824aa in main (argc=3, argv=0x7fffffffe468,
env=0x7fffffffe488) at shell.c:718

Found by fuzzing with AFL

[Prev in Thread]

Current Thread

[Next in Thread]

Bash parser segmentation fault with arithmetic for loop, Eduardo Bustamante <=

Prev by Date: Re: Bash parser segmentation fault
Next by Date: Segmentation fault in evalerror when xtrace and PS4='$[T[$]]'
Previous by thread: Bash parser segmentation fault
Next by thread: Segmentation fault in evalerror when xtrace and PS4='$[T[$]]'
Index(es):
- Date
- Thread