Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-redhat-linux-gnu'
-DCONF_VENDOR='redhat' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I. -I./include -I./lib -D_GNU_SOURCE -DRECYCLES_PIDS
-DDEFAULT_PATH_VALUE='/usr/local/bin:/usr/bin' -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
-Wno-parentheses -Wno-format-security
uname output: Linux localhost.localdomain 4.13.12-200.fc26.x86_64 #1 SMP Wed
Nov 8 16:47:26 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-redhat-linux-gnu
Bash Version: 4.4
Patch Level: 12
Release Status: release
Repeat-By:
$ bash -c 'true $(yes )'
bash: xrealloc: cannot allocate 18446744071562067968 bytes
Fix:
Attached patch fixes this issue.
--
--
Siteshwar Vashisht
From a91b113be8fca1a38b2b7f67be11039f3efd44e3 Mon Sep 17 00:00:00 2001
From: Siteshwar Vashisht
Date: Thu, 16 Nov 2017 12:18:00 +0100
Subject: [PATCH] Avoid integer overflow while allocating memory in
read_comsub() function
diff --git a/subst.c b/subst.c
index eb855e9d..e48524e5 100644
--- a/subst.c
+++ b/subst.c
@@ -5803,7 +5803,8 @@ read_comsub (fd, quoted, flags, rflag)
int *rflag;
{
char *istring, buf[128], *bufp, *s;
- int istring_index, istring_size, c, tflag, skip_ctlesc, skip_ctlnul;
+ size_t istring_size, istring_index;
+ int c, tflag, skip_ctlesc, skip_ctlnul;
ssize_t bufn;
int nullbyte;
--
2.13.6