(gdb) r -nvc 'for ((;)) do :; done&'
Starting program: /home/dualbus/src/gnu/bash/bash -nvc 'for ((;)) do :; done&'
for ((;)) do :; done&
/home/dualbus/src/gnu/bash/bash: -c: line 0: syntax error: arithmetic expression required
/home/dualbus/src/gnu/bash/bash: -c: line 0: syntax error: `((;))'
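Program received signal SIGSEGV, Segmentation fault.
0x0000555555587a1c in yyparse () at ./parse.y:1151
1151 if ($1->type == cm_connection)
(gdb) bt
#0 0x0000555555587a1c in yyparse () at ./parse.y:1151
#1 0x0000555555584c74 in parse_command () at eval.c:294
#2 0x00005555555fdfb9 in parse_and_execute (string=0x5555558a9340 "for ((;)) do :; done&", from_file=0x555555656b50 "-c", flags=4) at evalstring.c:346
#3 0x000055555558332f in run_one_command (command=0x7fffffffe724 "for ((;)) do :; done&") at shell.c:1405
#4 0x00005555555824aa in main (argc=3, argv=0x7fffffffe468, env=0x7fffffffe488) at shell.c:718

Found by fuzzing with AFL.

Note: the fault is raised inside yyparse() after the two syntax errors have already been reported, and the shell was started with -n (read commands without executing them), so the crash is in the parser alone. The faulting statement dereferences `$1`, which suggests that the error path for the malformed arithmetic `for` left that value NULL or otherwise invalid; the trace does not show the pointer's value, so this is unconfirmed.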