2016-02-15 09:31:57 -0500, Chet Ramey: > On 2/15/16 8:57 AM, Pontus Stenström wrote: > > > Bash Version: 4.2 > > Patch Level: 24 > > Release Status: release > > > > Description: > > Comma expression in arithmetic evaluation referring to arrays make bash > > crash. > > > > Repeat-By: > > This works fine: > > ((c=3, d=4)) > > This crashes my bash: > > a=(2 3 4 5) # OK > > ((c=a[3], d=a[2])) # Crash > > It runs fine on bash-4.3.42 on RHEL 5 and Mac OS X. [...]
Reproduced with 4.2.53 on Debian: Starting program: bash4.2.53 -c a=\(1\ 2\ 3\ 4\ 5\ 6\)\;\ \(\(b=a\[3\],\ c=a\[4\]\)\)\;\ typeset\ -p\ b\ c Program received signal SIGSEGV, Segmentation fault. strlen () at ../sysdeps/x86_64/strlen.S:106 106 ../sysdeps/x86_64/strlen.S: No such file or directory. (gdb) bt #0 strlen () at ../sysdeps/x86_64/strlen.S:106 #1 0x000000000043c952 in expr_bind_array_element (tok=tok@entry=0x6f5328 "c", ind=ind@entry=3, rhs=rhs@entry=0x6f5318 "5") at expr.c:331 #2 0x000000000043e2c8 in expassign () at expr.c:531 #3 0x000000000043d532 in expcomma () at expr.c:441 #4 0x000000000043d736 in subexpr (expr=0x6fb7c8 "b=a[3], c=a[4]") at expr.c:419 #5 0x000000000043e5ca in evalexp (expr=0x6fb7c8 "b=a[3], c=a[4]", validp=0x7fffffffda90) at expr.c:384 #6 0x00000000004321d8 in execute_arith_command (arith_command=<optimised out>, arith_command=<optimised out>) at execute_cmd.c:3309 #7 execute_command_internal (command=0x6fb508, asynchronous=0, pipe_in=7320904, pipe_out=0, fds_to_close=0x6fdc88) at execute_cmd.c:901 #8 0x0000000000432859 in execute_connection (fds_to_close=<optimised out>, pipe_out=<optimised out>, pipe_in=<optimised out>, asynchronous=<optimised out>, command=<optimised out>) at execute_cmd.c:2326 #9 execute_command_internal (command=0x6fb5c8, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x6fb7a8) at execute_cmd.c:891 #10 0x0000000000433fce in execute_command (command=0x6fb5c8) at execute_cmd.c:382 #11 0x000000000043281e in execute_connection (fds_to_close=<optimised out>, pipe_out=<optimised out>, pipe_in=<optimised out>, asynchronous=<optimised out>, command=<optimised out>) at execute_cmd.c:2324 #12 execute_command_internal (command=0x6fb748, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x6fb788) at execute_cmd.c:891 #13 0x0000000000471024 in parse_and_execute (string=<optimised out>, from_file=from_file@entry=0x4a990d "-c", flags=flags@entry=4) at evalstring.c:340 #14 0x000000000041d9ba in run_one_command (command=<optimised out>) at shell.c:1315 #15 0x000000000041c786 in main (argc=3, argv=0x7fffffffdf78, env=0x7fffffffdf98) at shell.c:688 See how it calls expr_bind_array_element on "c" as if it wanted to assign something to c[3] instead of c. The 3 looks like it comes from the previous a[3] expansion. -- Stephane