Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I../. -I.././include -I.././lib -Wdate-time
-D_FORTIFY_SOURCE=2 -g -O2
-fdebug-prefix-map=/build/bash-GTWdCm/bash-4.4.18=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-Wno-parentheses -Wno-format-security
uname output: Linux <redacted>.google.com <redacted>-amd64 #1 SMP Debian
<redacted> (2019-05-15 > 2018) x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu
Bash Version: 4.4
Patch Level: 19
Release Status: release
Description:
I found a reproducible segmentation fault in bash.
Some interaction between the "time" builtin and signals, perhaps?
The stack trace for this crash (with addresses elided) was:
#0 ... in _int_malloc (av=av@entry=... <main_arena>, bytes=bytes@entry=32)
at malloc.c:...
#1 ... in __GI___libc_malloc (bytes=32) at malloc.c:...
#2 ... in xmalloc ()
#3 ... in unwind_protect_mem ()
#4 ... in ?? ()
#5 ... in ?? ()
#6 ... in execute_command_internal ()
#7 ... in execute_command ()
#8 ... in reader_loop ()
#9 ... in main ()
Repeat-By:
1. Start a bash shell, and type the following commands:
foo() { sleep 10; sleep 10; }
bar() { time foo; }
bar
2. Interrupt the command in step 1 by hitting control-C after "bar" has
been running for a second or two.
3. Type the following commands:
bar
Terminal log from reproducing this bug:
bash$ env - bash --noprofile --norc
bash-4.4$ ulimit -c unlimited
bash-4.4$ cd /tmp
bash-4.4$ foo() { sleep 10; sleep 10; }
bash-4.4$ bar() { time foo; }
bash-4.4$ bar
^C
real 0m0.832s
user 0m0.002s
sys 0m0.001s
bash-4.4$ bar
Segmentation fault (core dumped)
--
Fergus Henderson <fer...@google.com>
