Bugs in bash-4.4-beta running on OpenBSD

Mon, 26 Oct 2015 05:08:49 -0700 

Hi Chet,

I compiled bash with:

CFLAGS='-O0 -g' ./configure --silent && make -j2 && make tests 2>&1 | tee 
out.log

And I get many parsing errors in the results. Most seem to be parenthesis
related, and some segfaults. I hope these two lead to fixing the whole thing:


$ uname -a
OpenBSD openbsd.my.domain 5.6 GENERIC#310 amd64

$ cat ../comsub.sh                                                              
                                                       
/home/dualbus/bash-4.4-beta/bash -c 'echo $(( $(echo 1) ))'
$ sh ../comsub.sh                                                               
                                                       
/home/dualbus/bash-4.4-beta/bash: command substitution: line 1: syntax error 
near unexpected token `)'
/home/dualbus/bash-4.4-beta/bash: command substitution: line 1: `echo 1) ))'

$ cat ../bash_func.sh                                                           
                                                       
env BASH_FUNC_x%%='() { _;}>_[$($())] < { echo vuln;}' 
/home/dualbus/bash-4.4-beta/bash -c :
$ sh ../bash_func.sh   
Segmentation fault (core dumped) 
$ gdb ./bash bash.core                                                          
                                                       
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.6"...
Core was generated by `bash'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /home/dualbus/bash-4.4-beta/bash
Reading symbols from /usr/lib/libtermcap.so.14.0...done.
Loaded symbols for /usr/lib/libtermcap.so.14.0
Reading symbols from /usr/lib/libc.so.77.2...done.
Loaded symbols for /usr/lib/libc.so.77.2
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x0000074df322b871 in yyparse () at y.tab.c:6286
6286            if (yydebug)

(gdb) bt
#0  0x0000074df322b871 in yyparse () at y.tab.c:6286
#1  0x0000074df322003c in parse_command () at eval.c:241
#2  0x0000074df329ff9a in parse_and_execute (string=0x750912e3bc0 "x () { 
_;}>_[$($())] < { echo vuln;}", 
    from_file=0x7f7ffffe9262 "x", flags=256) at evalstring.c:330
#3  0x0000074df3240aac in initialize_shell_variables (env=0x7f7ffffe9028, 
privmode=0) at variables.c:389
#4  0x0000074df321f506 in shell_initialize () at shell.c:1806
#5  0x0000074df321d394 in main (argc=3, argv=0x7f7ffffe9008, 
env=0x7f7ffffe9028) at shell.c:565

(gdb) info locals
yym = 11
yyn = 117
yystate = 112
yys = 0x0

(gdb) l y.tab.c:6286
6281        }
6282        if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
6283                yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
6284        {
6285    #if YYDEBUG
6286            if (yydebug)
6287                printf("%sdebug: state %d, shifting to state %d\n",
6288                        YYPREFIX, yystate, yytable[yyn]);
6289    #endif
6290            if (yyssp >= yysslim && yygrowstack())

-- 
Eduardo Bustamante
https://dualbus.me/

Reply via email to