On Thu, Feb 6, 2014 at 3:38 PM, Chet Ramey <chet.ra...@case.edu> wrote:
> On 2/5/14 10:51 PM, Dan Jacobson wrote: > > # su - nobody > > No directory, logging in with HOME=/ > > $ cat /tmp/r > > LC_CTYPE=zh_TW.UTF-8 N=$(echo 統一|iconv -t big5 -f utf-8) sh -xc ': $N' > > $ sh /tmp/r > > /tmp/r: line 1: 4551 Segmentation fault LC_CTYPE=zh_TW.UTF-8 > N=$(echo 統一|iconv -t big5 -f utf-8) sh -xc ': $N' > > > > Something about that embedded null. > > bash, version 4.3.0(1)-rc1 (i486-pc-linux-gnu) > > Probably. How about a stack traceback from gdb? > > -- > ``The lyf so short, the craft so long to lerne.'' - Chaucer > ``Ars longa, vita brevis'' - Hippocrates > Chet Ramey, ITS, CWRU c...@case.edu > http://cnswww.cns.cwru.edu/~chet/ > > With bash 3.2.25(1)-release $ LC_CTYPE=zh_TW.UTF-8 N=$(echo 統一|iconv -t big5 -f utf-8) sh -xc ': $N' + : $'\262\316\244@' With bash-rc1 I can reproduce it with: bash -xc $': \262\316\244@' Core was generated by `./bash -xc : $N'. Program terminated with signal 11, Segmentation fault. #0 ansic_quote (str=<value optimized out>, flags=<value optimized out>, rlen=0x0) at strtrans.c:282 282 *r++ = c; (gdb) bt #0 ansic_quote (str=<value optimized out>, flags=<value optimized out>, rlen=0x0) at strtrans.c:282 #1 0x00000000004303af in xtrace_print_word_list (list=0xa175ce8, xtflags=<value optimized out>) at print_cmd.c:543 #2 0x0000000000436a0b in execute_simple_command (simple_command=0xa1750c8, pipe_in=-1, pipe_out=-1, async=0, fds_to_close=0xa175128) at execute_cmd.c:4008 #3 0x00000000004342d5 in execute_command_internal (command=0xa175088, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0xa175128) at execute_cmd.c:784 #4 0x0000000000475dd2 in parse_and_execute (string=<value optimized out>, from_file=0x4b5d58 "-c", flags=<value optimized out>) at evalstring.c:359 #5 0x000000000041ec14 in run_one_command (command=0x7fffbdc94b0b ": $N") at shell.c:1339 #6 0x000000000041fcaf in main (argc=<value optimized out>, argv=0x7fffbdc928c8, env=0x7fffbdc928e8) at shell.c:694 (gdb) q
