Package: bash Version: 3.0-16 Severity: normal Tags: patch Bash will segfault if I try to cancel a loop:
neurosis:~$ env -i /bin/bash --norc --noprofile bash-3.00$ while sleep 30 ; do asdf ; done Segmentation fault neurosis:~$ (I pressed ^C a few seconds after entering the "while.." line). I haven't had luck reproducing this on all the systems I tried, but it happens every time on mine. I traced the cause to a eval.c (reader_loop). The problem is that dispose_command is called twice on current_command, because the use of setjmp/longjmp confuses GCC's dead-code optimizer: - The first call occurs at eval.c:151 - The assignment as eval.c:152 is SKIPPED: -> GCC optimizes it out, because current_command isn't used any more - The "QUIT;" call at eval.c:155 causes a longjmp back to the top of function, with code=DISCARD - current_command still has it's old non-NULL value, and so dispose_command is called again at eval.c:112. This code needs to be a lot more careful when using longjmp like that. This isn't new [1] to GCC, but maybe bash just got lucky with older versions not doing as good of a job at dead-code removal. The simple fix is to compile without optimization; the proper fix is to declare the current_command pointer as volatile: COMMAND * volatile current_command = (COMMAND *)NULL; Patch is attached. -jim [1] An old post noticing the problem with optimization and longjmp: http://groups.google.com/group/comp.os.linux.development/browse_thread/thread/54ebae45ca19155c -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.2 Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages bash depends on: ii base-files 3.1.7 Debian base system miscellaneous f ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libncurses5 5.4-9 Shared libraries for terminal hand ii passwd 1:4.0.3-35 change and administer password and bash recommends no packages. -- no debconf information
volatile-command.dpatch
Description: application/shellscript