Re: segmentation fault after interrupting function that uses "time"

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: segmentation fault after interrupting function that uses "time"

From:	Grisha Levit
Subject:	Re: segmentation fault after interrupting function that uses "time"
Date:	Thu, 23 May 2024 21:09:36 -0400

On Thu, May 23, 2024 at 3:55 PM Chet Ramey <chet.ramey@case.edu> wrote:
>
> On 5/23/24 7:43 AM, Michael Maurer wrote:
>
> > Bash Version: 5.2
> > Patch Level: 15
> > Release Status: release
> >
> > Description:
> >       Calling a function that itself uses the keyword "time" to call 
> > another function that performs a long task, and then interrupting with 
> > Ctrl+C before it is complete, causes a segfault. Behavior varies depending 
> > on whether or not the output of time is piped into another command, and 
> > whether the functions were sourced from a file or typed in directly.
> >          Seems similar to the bug previously reported here: 
> > https://lists.gnu.org/archive/html/bug-bash/2019-07/msg00004.html
>
> I can't reproduce this on macOS, RHEL 9, or Debian 12 with either the
> latest devel branch or bash-5.2.26.

This shows up with ASAN:

bash-5.3$ g() { sleep 10; :; }; f() { time g; }; f
^C
=================================================================
==12333==ERROR: AddressSanitizer: heap-use-after-free on address
0x5030000098b4 at pc 0xc26d0bcf8268 bp 0xfffffbfb85c0 sp
0xfffffbfb85b0
WRITE of size 4 at 0x5030000098b4 thread T0
    #0 0xc26d0bcf8264 in time_command
/home/vm/src/bash/origin/execute_cmd.c:1456
    #1 0xc26d0bcf0148 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:796
    #2 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
    #3 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
    #4 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611


0x5030000098b4 is located 4 bytes inside of 32-byte region
[0x5030000098b0,0x5030000098d0)
freed by thread T0 here:
    #0 0xe4b56d0dfb0c in free
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0xc26d0bceab7c in dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:204
    #2 0xc26d0bce9b4c in dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:82
    #3 0xc26d0bceaba4 in uw_dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:210
    #4 0xc26d0be53868 in unwind_frame_run_internal
/home/vm/src/bash/origin/unwind_prot.c:286
    #5 0xc26d0be51b64 in run_unwind_protects_internal
/home/vm/src/bash/origin/unwind_prot.c:211
    #6 0xc26d0be50ee8 in run_unwind_protects
/home/vm/src/bash/origin/unwind_prot.c:145
    #7 0xc26d0be61998 in throw_to_top_level /home/vm/src/bash/origin/sig.c:465
    #8 0xc26d0bcee4f4 in execute_command
/home/vm/src/bash/origin/execute_cmd.c:455
    #9 0xc26d0bd04a88 in execute_connection
/home/vm/src/bash/origin/execute_cmd.c:2832
    #10 0xc26d0bcf30d4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1080
    #11 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
    #12 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
    #13 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611
    #14 0xc26d0bd1b9e8 in execute_simple_command
/home/vm/src/bash/origin/execute_cmd.c:4817
    #15 0xc26d0bcf1240 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:905
    #16 0xc26d0bcf8198 in time_command
/home/vm/src/bash/origin/execute_cmd.c:1453
    #17 0xc26d0bcf0148 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:796
    #18 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
    #19 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
    #20 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611


previously allocated by thread T0 here:
    #0 0xe4b56d0e0f28 in malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0xc26d0befdd40 in xmalloc /home/vm/src/bash/origin/xmalloc.c:104
    #2 0xc26d0bd5d000 in copy_command /home/vm/src/bash/origin/copy_cmd.c:350
    #3 0xc26d0bd5a09c in copy_group_command
/home/vm/src/bash/origin/copy_cmd.c:206
    #4 0xc26d0bd5d8a8 in copy_command /home/vm/src/bash/origin/copy_cmd.c:378
    #5 0xc26d0bd1d790 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5192
    #6 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611

[Prev in Thread]

Current Thread

[Next in Thread]

segmentation fault after interrupting function that uses "time", Michael Maurer, 2024/05/23
- Re: segmentation fault after interrupting function that uses "time", Chet Ramey, 2024/05/23
  - Re: segmentation fault after interrupting function that uses "time", Grisha Levit <=
    - Re: segmentation fault after interrupting function that uses "time", Chet Ramey, 2024/05/28

Prev by Date: Re: [PATCH] rl_change_case: skip over invalid mbchars
Next by Date: Incorrect string length check
Previous by thread: Re: segmentation fault after interrupting function that uses "time"
Next by thread: Re: segmentation fault after interrupting function that uses "time"
Index(es):
- Date
- Thread