On 8/25/24 10:54 PM, Lawrence Velázquez wrote:
On Sun, Aug 25, 2024, at 6:24 PM, youheng....@gmail.com wrote:Bash Version: 5.1Patch Level: 16Note that this version of bash is outdated and will not receive further updates. The current release is 5.2.All the following scripts can create a Segmentation Fault eval '<$[;]' eval '<${;}' eval '<$[|]'These still cause the current devel branch to segfault, but (at least for me, on macOS) only when invoked via argument, as OP directed. For example, reading the scripts via stdin avoids the segfault.
The specific case is an empty command containing only a redirection that results in an expansion error read from a script or string.
% cat /tmp/poc.bash eval '<$[;]' % ./bash /tmp/poc.bash /tmp/poc.bash: line 1: ;: arithmetic syntax error: operand expected (error token is ";") /tmp/poc.bash: line 1: 55480 Segmentation fault: 11 % ./bash </tmp/poc.bash ./bash: line 1: ;: arithmetic syntax error: operand expected (error token is ";")eval '<$(;)' eval '<$(|)'Current devel doesn't segfault with these. Maybe because of the comsub parser rewrite?
Indirectly. The syntax error gets caught early.
eval '<${|}'Current devel doesn't segfault with this, either.
This is a varsub that doesn't expand to anything, so it's a redirection
error.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
OpenPGP_signature.asc
Description: OpenPGP digital signature
