Package: dash Version: 0.5.8-2.5 Tags: security dash crashes when checking syntax of some scripts:
$ printf '%032d<<0;do %024d\n%028d\r\360\255\336' | dash -n Segmentation fault GDB says it's an out-of-bounds write: Program received signal SIGSEGV, Segmentation fault. 0x5656542e in parseheredoc () at ../../src/parser.c:672 672 here->here->nhere.doc = n; (gdb) print here->here->nhere Cannot access memory at address 0xdeadf00d (gdb) bt #0 0x5656542e in parseheredoc () at ../../src/parser.c:672 #1 0x56564540 in list (nlflag=1) at ../../src/parser.c:198 #2 0x56564419 in parsecmd (interact=0) at ../../src/parser.c:151 #3 0x56561ae4 in cmdloop (top=1) at ../../src/main.c:224 #4 0x56561a4b in main (argc=2, argv=0xffffd694) at ../../src/main.c:178 -- System Information: Architecture: i386 Versions of packages dash depends on: ii libc6 2.24-17 ii debianutils 4.8.2 ii dpkg 1.18.24 -- Jakub Wilk