Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -g -O2
uname output: Linux vesta 4.5.4 #1 SMP PREEMPT Wed May 11 22:21:28 CEST 2016 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.3
Patch Level: 0
Release Status: release

Description:
	bash dereferences a NULL pointer when the last call to fork has failed.

Repeat-By:
	$ gdb -q ./bash
	Reading symbols from ./bash...done.
	(gdb) break fork
	Breakpoint 1 at 0x41de50
	(gdb) run --norc
	Starting program: /home/n/bash-4.3/bash --norc
	bash-4.3$ echo foo bar
	foo bar
	bash-4.3$ ls

	Breakpoint 1, 0x00007ffff767e534 in fork () from /usr/lib/libc.so.6
	(gdb) return (int) -1
	Make selected stack frame return now? (y or n) y
	#0 0x0000000000445c11 in make_child (command=0x7034a8 "ls", async_p=async_p@entry=0) at jobs.c:1747
	1747 while ((pid = fork ()) < 0 && errno == EAGAIN && forksleep < FORKSLEEP_MAX)
	(gdb) c
	Continuing.
	bash: fork: No such file or directory
	bash-4.3$ echo foo bar
	foo bar

	Program received signal SIGSEGV, Segmentation fault.
	wait_for (pid=-1) at jobs.c:2556
	2556 : process_exit_status (child->status);
	(gdb) p child
	$1 = (PROCESS *) 0x0

Fix:
	$ diff -p jobs.c.orig jobs.c
*** jobs.c.orig 2014-01-10 15:05:34.000000000 +0100 --- jobs.c 2016-06-30 11:35:16.644672555 +0200 *************** itrace("wait_for: blocking wait for %d r *** 2520,2526 **** if (pid == ANY_PID) { termination_state = -1; ! break; } } #endif /* WAITPID_BROKEN */ --- 2520,2526 ---- if (pid == ANY_PID) { termination_state = -1; ! goto wait_for_return; } } #endif /* WAITPID_BROKEN */
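
Review bot: in the `if (pid == ANY_PID)` branch, the jump target `wait_for_return` is not in the visible context, so confirm that the label sits past the `process_exit_status (child->status)` expression reported at jobs.c:2556 and that jumping to it does not skip any cleanup the old `break` path still ran before returning. The change also leaves that dereference unguarded; a `child != NULL` check at line 2556 would cover any other path that reaches it without a PROCESS entry. A short comment on the branch noting that, per the report, it is hit with pid=-1 after a failed fork would document why the early exit is needed.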