On Thu, 22 Oct 2020 11:47:44 +0200 Thomas Schwinge <tho...@schwinge.name> wrote:
> ..., that is, SIGSEGV, supposedly when bash tries to expand the last path
> component glob ('*'):I also encountered this bug. After installing bash-dbgsym, gdb says it crashes at glob.c line 487 in wdequote_pathname(). The immediate cause of the crash there seems to be that wpathname is NULL. I suspect that the bug is the "len" argument on the previous line n = wcsrtombs(pathname, (const wchar_t **)&wpathname, len, &ps); Here "len" is byte length obtained for the original string from strlen(). But the call seems to expect the length of the wide character version in wpathname which was obtained above with xdupmbstowcs(), and so the code should use the return value of that function (in variable n) instead of len. Using too long a length makes wcsrtombs() set the pointer to NULL when it continues to a zero character.
