If you want some more interesting seg faults, here are some:

1)

bash-5.1$ (\${_@P};${_@P})
Segmentation fault (core dumped)
# golfed version of  p='${p@P}'; : "${p@P}"
bash-5.1$ bash --norc
bash-5.1$ PS1=\${PS1@P}
Segmentation fault (core dumped)
bash-5.1$ # in an interactive shell, PS1='${PS1@P}' will also cause a crash
# when PS1 is implicitly expanded before being printed

2)

bash-5.1$ (eval "$BASH_COMMAND")
Segmentation fault (core dumped)

3)

bash-5.1$ gcc -shared -xc -ocool_builtin - <<< 'int cool_struct=0;'
bash-5.1$ (enable -f ./cool_builtin cool)
Segmentation fault (core dumped)

4)

bash-5.1$ (_[\${!_}];$[_])
Segmentation fault (core dumped)
# golfed version of  x='x[${!x}]'; : "$(( x ))"
# may also be triggered using  x='x[${!x}]'; : "${!x}"
# or by using a builtin that takes a varname:
# *) x='x[${!x}]'; read -r "$x" <<< ''
# *) x='x[${!x}]'; printf -v "$x" ''
# *) x='x[${!x}]'; [ -v "$x" ]
# *) ...

Cheers.
emanuele6

On 31/08/2022, Евгений Штанов <evg.shta...@gmail.com> wrote:
> Configuration Information [Automatically generated, do not change]:
> Machine: x86_64
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -g -O2 -flto=auto -ffat-lto-objects -flto=auto
> -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security
> -Wall
> uname output: Linux Shtanov-Home-PC 5.10.16.3-microsoft-standard-WSL2 #1
> SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
> Machine Type: x86_64-pc-linux-gnu
>
> Bash Version: 5.1
> Patch Level: 16
> Release Status: release
>
> Description:
> Hi! I was fuzzing bash with AFL++ and found segmentation fault.
> Backtrace in attachment
>
> Repeat-By:
> 1. Build bash;
> 2. Run with AFL++ crafted input (in attachment).
>
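As an added example, not part of either message in this thread, here is a small shell harness for checking a rebuilt or patched bash against reproducers like the ones above. Each snippet runs in its own child bash process, so a crash only ends the child, and the parent classifies the outcome from the exit status (128+N for death by signal N). The function names (run_snippet, crashed, report) and the sample snippets are my own; a reproducer from the thread can be passed as a string in the same way.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: run a shell snippet in a separate bash
# process and report how it terminated. A crash in the child only ends the
# child; the parent sees exit status 128+N when the child died from signal N.

# run_snippet CMD -> prints "ok", "error" or "signal:N"
run_snippet() {
    local status=0
    bash -c "$1" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        # 139 = 128 + 11 (SIGSEGV), 134 = 128 + 6 (SIGABRT), ...
        echo "signal:$((status - 128))"
    else
        echo error
    fi
}

# crashed CMD -> succeeds only if the snippet died from SIGSEGV (signal 11)
crashed() {
    [ "$(run_snippet "$1")" = "signal:11" ]
}

# report CMD... -> one tab-separated line per snippet: outcome, then snippet
report() {
    local snippet
    for snippet in "$@"; do
        printf '%s\t%s\n' "$(run_snippet "$snippet")" "$snippet"
    done
}

# Example usage with constructed snippets; a reproducer from the thread is
# passed the same way, e.g.  report '(eval "$BASH_COMMAND")'
#   report 'true' 'exit 3' 'kill -SEGV $$'
```

A snippet that still reports signal:11 after a rebuild means the build is still affected; "ok" or "error" means bash survived the input, whatever else it did.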