On Thu, May 23, 2024 at 3:55 PM Chet Ramey <chet.ra...@case.edu> wrote:
>
> On 5/23/24 7:43 AM, Michael Maurer wrote:
>
> > Bash Version: 5.2
> > Patch Level: 15
> > Release Status: release
> >
> > Description:
> > Calling a function that itself uses the keyword "time" to call
> > another function that performs a long task, and then interrupting with
> > Ctrl+C before it is complete, causes a segfault. Behavior varies depending
> > on whether or not the output of time is piped into another command, and
> > whether the functions were sourced from a file or typed in directly.
> > Seems similar to the bug previously reported here:
> > https://lists.gnu.org/archive/html/bug-bash/2019-07/msg00004.html
>
> I can't reproduce this on macOS, RHEL 9, or Debian 12 with either the
> latest devel branch or bash-5.2.26.
This shows up with ASAN:
bash-5.3$ g() { sleep 10; :; }; f() { time g; }; f
^C
=================================================================
==12333==ERROR: AddressSanitizer: heap-use-after-free on address
0x5030000098b4 at pc 0xc26d0bcf8268 bp 0xfffffbfb85c0 sp
0xfffffbfb85b0
WRITE of size 4 at 0x5030000098b4 thread T0
#0 0xc26d0bcf8264 in time_command
/home/vm/src/bash/origin/execute_cmd.c:1456
#1 0xc26d0bcf0148 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:796
#2 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
#3 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
#4 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611
0x5030000098b4 is located 4 bytes inside of 32-byte region
[0x5030000098b0,0x5030000098d0)
freed by thread T0 here:
#0 0xe4b56d0dfb0c in free
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0xc26d0bceab7c in dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:204
#2 0xc26d0bce9b4c in dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:82
#3 0xc26d0bceaba4 in uw_dispose_command
/home/vm/src/bash/origin/dispose_cmd.c:210
#4 0xc26d0be53868 in unwind_frame_run_internal
/home/vm/src/bash/origin/unwind_prot.c:286
#5 0xc26d0be51b64 in run_unwind_protects_internal
/home/vm/src/bash/origin/unwind_prot.c:211
#6 0xc26d0be50ee8 in run_unwind_protects
/home/vm/src/bash/origin/unwind_prot.c:145
#7 0xc26d0be61998 in throw_to_top_level /home/vm/src/bash/origin/sig.c:465
#8 0xc26d0bcee4f4 in execute_command
/home/vm/src/bash/origin/execute_cmd.c:455
#9 0xc26d0bd04a88 in execute_connection
/home/vm/src/bash/origin/execute_cmd.c:2832
#10 0xc26d0bcf30d4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1080
#11 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
#12 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
#13 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611
#14 0xc26d0bd1b9e8 in execute_simple_command
/home/vm/src/bash/origin/execute_cmd.c:4817
#15 0xc26d0bcf1240 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:905
#16 0xc26d0bcf8198 in time_command
/home/vm/src/bash/origin/execute_cmd.c:1453
#17 0xc26d0bcf0148 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:796
#18 0xc26d0bcf30b4 in execute_command_internal
/home/vm/src/bash/origin/execute_cmd.c:1073
#19 0xc26d0bd1eda0 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5373
#20 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611
previously allocated by thread T0 here:
#0 0xe4b56d0e0f28 in malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0xc26d0befdd40 in xmalloc /home/vm/src/bash/origin/xmalloc.c:104
#2 0xc26d0bd5d000 in copy_command /home/vm/src/bash/origin/copy_cmd.c:350
#3 0xc26d0bd5a09c in copy_group_command
/home/vm/src/bash/origin/copy_cmd.c:206
#4 0xc26d0bd5d8a8 in copy_command /home/vm/src/bash/origin/copy_cmd.c:378
#5 0xc26d0bd1d790 in execute_function
/home/vm/src/bash/origin/execute_cmd.c:5192
#6 0xc26d0bd1f900 in execute_builtin_or_function
/home/vm/src/bash/origin/execute_cmd.c:5611
