From: Chet Ramey
Subject: Re: Using systemd-249's libnss_systemd.so.2 triggers a crash in bash-5.1's malloc.c
Date: Mon, 4 Oct 2021 18:01:31 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
On 10/4/21 4:44 PM, Andreas Schwab wrote:
> On Oct 04 2021, Chet Ramey wrote:
>> I suspect this is a buffer overflow introduced between systemd-247 and
>> systemd-249. It's not caught when building bash without the bash malloc
>> because the default libc malloc probably doesn't do the bounds checking
>> the bash malloc does, even without malloc debugging turned on.
>
> If it's a buffer overflow, then valgrind should be able to catch it (when
> bash is configured --without-bash-malloc). valgrind's bounds checking is
> much more advanced than what a checking malloc can do.
You'd think. This is the kind of overflow that will produce that error message
from the bash malloc:

#include <stdio.h>
#include <stdlib.h>

int
main(int c, char **v)
{
	char *buf;

	buf = (char *)malloc (40);
	if (buf == 0) {
		fprintf(stderr, "malloc failed\n");
		exit(1);
	}
	buf[40] = '\254';	/* one byte past the 40 requested */

	buf = realloc(buf, 218);
	if (buf == 0) {
		fprintf(stderr, "realloc failed\n");
		exit(1);
	}
	buf[218] = '\214';	/* one byte past the 218 requested */

	free(buf);
	exit(0);
}

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/
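The following is an added illustration, not code from this thread or from bash's malloc.c: a minimal guarded allocator in C that shows the general mechanism by which a checking malloc can report a write one byte past the requested size. It stores the requested size in a small header and a guard byte immediately after the caller's bytes, then verifies that guard on realloc() and free(). The header layout, the GUARD_BYTE value and the function names (checked_malloc, checked_realloc, checked_free, demo_off_by_one, demo_in_bounds) are constructions of this example and do not correspond to bash's implementation; demo_off_by_one reruns the allocation pattern from the snippet above against the guarded allocator, and demo_in_bounds is the same pattern with the writes kept in bounds as a control.

```c
#include <stdio.h>
#include <stdlib.h>

/* Guard byte stored immediately after the bytes the caller asked for.
   Value chosen (arbitrarily) to differ from the bytes the demo writes:
   '\254' is 0xAC and '\214' is 0x8C. */
#define GUARD_BYTE 0xA5u

/* Bookkeeping header placed in front of the user region. It records the
   requested size so free()/realloc() know where the guard byte lives.
   (A real allocator would pad this header to the platform's maximum
   alignment; a bare size_t is enough for the char buffers used here.) */
struct hdr {
    size_t size;
};

/* Allocate n bytes for the caller plus one guard byte after them. */
static void *checked_malloc(size_t n)
{
    struct hdr *h = malloc(sizeof *h + n + 1);
    if (h == NULL)
        return NULL;
    h->size = n;
    unsigned char *user = (unsigned char *)(h + 1);
    user[n] = GUARD_BYTE;
    return user;
}

/* 1 if the guard byte is still in place, 0 if something wrote past the
   requested size (e.g. buf[n] on an n-byte allocation). */
static int guard_intact(const void *p)
{
    const struct hdr *h = (const struct hdr *)p - 1;
    return ((const unsigned char *)p)[h->size] == GUARD_BYTE;
}

/* Release p. Returns 0 if the guard was intact, 1 if an overflow was seen. */
static int checked_free(void *p)
{
    if (p == NULL)
        return 0;
    int corrupted = !guard_intact(p);
    free((struct hdr *)p - 1);
    return corrupted;
}

/* Resize p to n bytes. Checks the old guard first and reports its state
   through *corrupted (0 or 1), then installs a fresh guard after n bytes. */
static void *checked_realloc(void *p, size_t n, int *corrupted)
{
    if (p == NULL) {
        *corrupted = 0;
        return checked_malloc(n);
    }
    *corrupted = !guard_intact(p);
    struct hdr *nh = realloc((struct hdr *)p - 1, sizeof *nh + n + 1);
    if (nh == NULL)
        return NULL;            /* old block is still valid and owned by the caller */
    nh->size = n;
    ((unsigned char *)(nh + 1))[n] = GUARD_BYTE;
    return nh + 1;
}

/* Shared driver: malloc(40), write at index i1, realloc(218), write at
   index i2, free. Returns the number of overflows detected, or -1 if an
   allocation failed. */
static int run_pattern(size_t i1, size_t i2)
{
    int detected = 0, corrupted = 0;
    char *buf = checked_malloc(40);
    if (buf == NULL)
        return -1;
    buf[i1] = '\254';
    char *nbuf = checked_realloc(buf, 218, &corrupted); /* inspects the old guard */
    detected += corrupted;
    if (nbuf == NULL) {
        checked_free(buf);
        return -1;
    }
    nbuf[i2] = '\214';
    detected += checked_free(nbuf);                     /* inspects the new guard */
    return detected;
}

/* The pattern from the mail: buf[40] on a 40-byte block, buf[218] on a
   218-byte block. Both writes clobber a guard, so the expected result is 2. */
int demo_off_by_one(void)
{
    return run_pattern(40, 218);
}

/* Control: same sizes, last valid index each time. Expected result is 0. */
int demo_in_bounds(void)
{
    return run_pattern(39, 217);
}

int main(void)
{
    printf("off-by-one pattern: %d overflow(s) detected\n", demo_off_by_one());
    printf("in-bounds pattern:  %d overflow(s) detected\n", demo_in_bounds());
    return 0;
}
```

The point the example makes is why an ordinary size-class allocator tends to stay silent on this pattern: it hands out a block at least as large as the request and keeps no byte-exact record of what was asked for, so the stray byte lands in slack space or in neighbouring metadata and is noticed, if at all, only when that memory is next touched. The guard byte ties the check to the requested size instead, which is what turns an off-by-one into an immediate report at the next realloc() or free() of that block.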