Dear Bash Maintainers,

   I encountered an issue in Bash and would like to report it. crash.txt
   is attached to the email.
   Steps to reproduce
   $ export UBSAN_OPTIONS=halt_on_error=1,abort_on_error=1,print_stacktrace=true,symbolize=true,print_stacktrace=1,report_error_type=1,symbolize=1
   $ CC=clang-19 CFLAGS=" -g -fsanitize=undefined " ./configure --enable-largefile --without-bash-malloc
   $ make
   $ ./bash crash.txt

   Expected Behaviour
   Any messages without ubsan ERROR.

   Actual Behaviour

   strtrans.c:147:14: runtime error: signed integer overflow: 250539758 *
   16 cannot be represented in type 'int'

       #0  0x0000555555c689bd in ansicstr (string=<optimized out>,
   len=len@entry=0x15, flags=0x12, flags@entry=0x2, sawc=sawc@entry=0x0,
   rlen=rlen@entry=0x7fffffffd96c) at /bash-UBSAN/lib/sh/strtrans.c:147
       #1  0x0000555555c6ccbf in ansiexpand
   (string=string@entry=0x5555563f0c20 \"\\\\x{0eeeeeeeeee\\270echo $'\",
   start=start@entry=0x0, end=<optimized out>,
   lenp=lenp@entry=0x7fffffffd96c) at /bash-UBSAN/lib/sh/strtrans.c:390
       #2  0x00005555555ffb1e in read_token_word (character=<optimized
   out>) at /bash-UBSAN/parse.y:5063
       #3  read_token (command=0x0) at /bash-UBSAN/parse.y:3594
       #4  0x00005555555a4274 in yylex () at /bash-UBSAN/parse.y:2890
       #5  yyparse () at /bash-UBSAN/y.tab.c:1854
       #6  0x000055555559f897 in parse_command () at
   /bash-UBSAN/eval.c:348
       #7  0x000055555559e84a in read_command () at /bash-UBSAN/eval.c:392
       #8  0x000055555559deeb in reader_loop () at /bash-UBSAN/eval.c:139
       #9  0x000055555558eaa2 in main (argc=0x5, argv=<optimized out>,
   env=<optimized out>) at /bash-UBSAN/shell.c:833
   Aborted (core dumped)

   Bash Version
   commit 2cdb2f9b314525a118eff5237839ccc272c2e32b
   root@fc5d05699037:/upstream/bash# ./bash --version
   GNU bash, version 5.3.0(2)-maint (x86_64-pc-linux-gnu)
   Copyright (C) 2025 Free Software Foundation, Inc.
   License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

   This is free software; you are free to change and redistribute it.
   There is NO WARRANTY, to the extent permitted by law.
   Also, the behaviour repeats on the release bash 5.2 version.

   System Info
   Linux astra 6.1.90-1-generic #astra2+ci15 SMP PREEMPT_DYNAMIC Tue Jul
   23 09:49:19 MSK 2024 x86_64 GNU/Linux
   Debian clang version 19.1.4 (1~deb12u1)
   Target: x86_64-pc-linux-gnu
   Thread model: posix
   InstalledDir: /usr/lib/llvm-19/bin

och0eeeeeeeeeeeeco $'\x{0eeeeeeeeeeecho $'\x{01
  • BadInstruction... anushakov--- via Bug reports for the GNU Bourne Again SHell
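
The UBSan report above flags a multiplication by 16 in `ansicstr` while the shell reads the `\x{...}` escape from crash.txt. As an added example (not Bash's code and not a patch from the maintainers), here is a hex-digit accumulator that tests the bound before multiplying; `hexval` and `parse_hex_checked` are hypothetical names, and the `v * 16 + digit` loop shape is an assumption inferred from the operands in the report.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return -1;
}

/*
 * Hypothetical helper (not from strtrans.c): accumulate the hex digits at s.
 * Returns the number of digits consumed, or -1 if the value would not fit in
 * an int. The bound is tested before the multiply, so the overflowing
 * expression is never evaluated. On -1, *out holds the accumulator that
 * could not be multiplied by 16 again.
 */
int parse_hex_checked(const char *s, int *out)
{
    int v = 0, n = 0, d;
    while ((d = hexval((unsigned char)s[n])) >= 0) {
        if (v > (INT_MAX - d) / 16) {   /* v * 16 + d would exceed INT_MAX */
            *out = v;
            return -1;
        }
        v = v * 16 + d;
        n++;
    }
    *out = v;
    return n;
}

int main(void)
{
    /* Constructed inputs; the first is the digit run from the reported trace. */
    const char *samples[] = { "0eeeeeeeeee", "7fffffff", "80000000", "41}" };
    int v;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = parse_hex_checked(samples[i], &v);
        printf("%-12s -> digits=%d acc=%d\n", samples[i], n, v);
    }
    return 0;
}
```

For the first sample the helper stops with the accumulator at 250539758, the left operand UBSan printed.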
