Package: bash
Version: 3.0-16
Severity: normal
Tags: patch

Bash will segfault if I try to cancel a loop:

   neurosis:~$ env -i /bin/bash --norc --noprofile
   bash-3.00$ while sleep 30 ; do asdf ; done

   Segmentation fault
   neurosis:~$ 

(I pressed ^C a few seconds after entering the "while.." line).
I haven't had luck reproducing this on all the systems I tried, but
it happens every time on mine.

I traced the cause to eval.c (reader_loop).  The problem is that
dispose_command is called twice on current_command, because the
use of setjmp/longjmp confuses GCC's dead-code optimizer:

 - The first call occurs at eval.c:151

 - The assignment at eval.c:152 is SKIPPED:
   -> GCC optimizes it out, because current_command isn't used any more

 - The "QUIT;" call at eval.c:155 causes a longjmp back to the top of
   the function, with code=DISCARD

 - current_command still has its old non-NULL value, and so
   dispose_command is called again at eval.c:112.

This code needs to be a lot more careful when using longjmp like
that.  This isn't new [1] to GCC, but maybe bash just got lucky with
older versions not doing as good of a job at dead-code removal.

The simple fix is to compile without optimization; the proper fix is
to declare the current_command pointer as volatile:

   COMMAND * volatile current_command = (COMMAND *)NULL;

Patch is attached.

-jim

[1] An old post noticing the problem with optimization and longjmp:
    http://groups.google.com/group/comp.os.linux.development/browse_thread/thread/54ebae45ca19155c

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.2
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages bash depends on:
ii  base-files                    3.1.7      Debian base system miscellaneous f
ii  libc6                         2.3.5-6    GNU C Library: Shared libraries an
ii  libncurses5                   5.4-9      Shared libraries for terminal hand
ii  passwd                        1:4.0.3-35 change and administer password and

bash recommends no packages.

-- no debconf information

Attachment: volatile-command.dpatch
Description: application/shellscript
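
The sequence described in the report (dispose, clear the pointer, longjmp back to the setjmp point), reduced to a standalone C program as an added example; it is not bash's code and not the attached patch. `COMMAND`, `dispose_command`, `quit` and the two `reader_loop_*` names are stand-ins, and a counter replaces the real `free()` so a second dispose is counted instead of crashing.

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical stand-ins for bash's COMMAND, dispose_command() and QUIT. */
typedef struct { int freed; } COMMAND;

static jmp_buf top_level;
static int dispose_calls;          /* times the same command was disposed */

static void dispose_command(COMMAND *c)
{
    dispose_calls++;               /* real code frees c: 2 calls = double free */
    c->freed = 1;
}

static void quit(void)             /* models ^C: jump back with code DISCARD */
{
    longjmp(top_level, 1);
}

/* QUAL is empty for the reported pattern and `volatile` for the fix. */
#define READER_LOOP(name, QUAL)                                             \
int name(void)                                                              \
{                                                                           \
    static COMMAND cmd;                                                     \
    COMMAND * QUAL current_command = NULL;                                  \
    dispose_calls = 0;                                                      \
    if (setjmp(top_level) != 0) {          /* DISCARD path (eval.c:112) */  \
        if (current_command)                                                \
            dispose_command(current_command);                               \
        return dispose_calls;                                               \
    }                                                                       \
    current_command = &cmd;                /* a command was parsed */       \
    dispose_command(current_command);      /* first call (eval.c:151) */    \
    current_command = NULL;                /* the store at eval.c:152 */    \
    quit();                                /* QUIT (eval.c:155) */          \
    return -1;                             /* not reached */                \
}

READER_LOOP(reader_loop_plain, )           /* value after longjmp is indeterminate */
READER_LOOP(reader_loop_volatile, volatile)

int main(void)
{
    printf("plain:    %d dispose call(s)\n", reader_loop_plain());
    printf("volatile: %d dispose call(s)\n", reader_loop_volatile());
    return 0;
}
```

The volatile variant always reports one dispose call. The plain variant reports one or two depending on compiler and optimization level, because C leaves a non-volatile automatic variable modified between `setjmp` and `longjmp` with an indeterminate value.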
