Re: $RANDOM not Cryptographically secure pseudorandom number generator

On Mon, Jan 7, 2019 at 12:08 AM Chet Ramey wrote: > > On 1/5/19 3:12 PM, Eduardo A. Bustamante López wrote: > > On Fri, Dec 28, 2018 at 10:24:50AM +0100, Ole Tange wrote: > > (...) > >> Patch attached. : > > - Does the new RNG generate uniformly distributed numbers? (Yes) > > - What is the perform

Re: $RANDOM not Cryptographically secure pseudorandom number generator

On Sat, Jan 5, 2019 at 9:14 PM Eduardo A. Bustamante López wrote:> > On Fri, Dec 28, 2018 at 10:24:50AM +0100, Ole Tange wrote: > (...) > > Patch attached. : > I applied the Salsa20 RNG patch (slightly modified due to the recent changes > in > variables.c, attached [1]) to the tip of `devel` > (8

Re: realloc: start and end chunk sizes differ - rl_extend_line_buffer in lib/readline/util.c

On Sun, Jan 06, 2019 at 07:18:27PM -0800, Eduardo A. Bustamante López wrote: (...) > malloc: unknown:0: assertion botched > malloc: 0x55769408: allocated: last allocated from unknown:0 > realloc: start and end chunk sizes differ OK, I think I know what the problem is. I noticed that `rl_inser

realloc: start and end chunk sizes differ - rl_extend_line_buffer in lib/readline/util.c

Found by fuzzing with AFL debian@debian-fuzz:/mnt$ cat -A rl_extend_line_buffer 00^[^?000^?^X^E^_^Y^Y^Y^Y^Y^Y^Y^Y debian@debian-fuzz:/mnt$ base64 < rl_extend_line_buffer MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwG38wMDAwMDAwM

Re: Identical function names in bash source code

On 1/6/19 9:05 PM, Peng Yu wrote: >> "Not uncommon" is stretching it, since it happens in only one place: >> lib/readline/shell.c. > > No. it is not uncommon. See the analysis of duplicated function/macro > names and where they appear. There are around ~100 of them. Note that > this analysis is no

Recursive execution of expand_prompt_string

The expand_prompt_string function will call itself recursively in some situations: dualbus@system76-pc:~$ bash -c 'q="\${q@P}"; echo "${q@P}"' Segmentation fault My guess is that this is expected behavior. I'm reporting this because it's affecting my fuzzing effort.

Segmentation fault in lib/readline/text.c rl_change_case

I found the issue with AFL (http://lcamtuf.coredump.cx/afl/). The crash itself happens due to the following: dualbus@system76-pc:~/src/gnu/bash$ cat -n lib/readline/text.c | sed -n '1455,1460p' 1455mlen = wcrtomb (mb, nwc, &mps); // <- mlen is -1, due to `nwc' being an inval

Re: Identical function names in bash source code

> "Not uncommon" is stretching it, since it happens in only one place: > lib/readline/shell.c. No. it is not uncommon. See the analysis of duplicated function/macro names and where they appear. There are around ~100 of them. Note that this analysis is not very accurate. But the balkpark estimate s

Re: [Help-bash] What are the regex spec for function names?

> There is probably no easy regex to match strings bash will tolerate as > a function name without error. The accepted names vary in several > contexts. > > http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_05 > > "The function is named fname; the application shall

Re: [IDEA] more granular shell options to fix errexit

On 12/28/18 11:23 PM, Ivan Pozdeev wrote: > With the recent inherit_errexit , the Bash team seems to have finally > bumped into a workable way to fix errexit which has been broken for decades > (https://mywiki.wooledge.org/BashFAQ/105). > > Instead of trying to invent a replacement shell option fo

Re: $RANDOM not Cryptographically secure pseudorandom number generator

On 1/5/19 3:12 PM, Eduardo A. Bustamante López wrote: > On Fri, Dec 28, 2018 at 10:24:50AM +0100, Ole Tange wrote: > (...) >> Patch attached. >> >> It is basically a copy of the code snippet from Wikipedia with a few >> trivial wrappers. >> >> Apart from using Salsa20 the biggest change is that you

Re: "return" should not continue script execution, even if used inappropriately

On Sat, Jan 5, 2019, 4:05 PM Robert Hailey > To the most excellent bash maintainers: > > I have found, what I consider to be a bug, in the following version of > bash: > * bash-4.4.23-1.fc28.x86_64 > > It is related to this error message: > * "return: can only `return' from a function or sourced s

Re: [PATCH 2/3] Fix `hashtest' target in Makefile

On 1/4/19 3:25 PM, Eduardo A. Bustamante López wrote: > - Adds the dependency on the Bash's libmalloc Not really necessary, but it doesn't hurt anything and is probably useful on systems where the shell links with the bash malloc. > - Removes the libintl dependency, since it's unused The library

Re: [PATCH 1/3] Fix implicit declaration of abort()

On 1/4/19 3:25 PM, Eduardo A. Bustamante López wrote: > gcc version 8.2.0 (Debian 8.2.0-13) x86_64-linux-gnu > > ``` > malloc.c:333:3: warning: incompatible implicit declaration of built-in > function ‘abort’ > malloc.c:333:3: note: include ‘’ or provide a declaration of ‘abort’ Thanks, but you

Re: bug in dirname loadable?

On 1/6/19 5:17 PM, Ángel wrote: > On 2018-12-26 at 12:35 -0500, Chet Ramey wrote: >> Yes, dirname should skip over a `--' denoting the end of options. Thanks >> for the report. > > This was fixed on bash-20181226 snapshot (89b3a79), however with this > change on devel branch the basename builtin n

Re: "return" should not continue script execution, even if used inappropriately

On 1/5/19 2:16 PM, Robert Hailey wrote: > > To the most excellent bash maintainers: > > I have found, what I consider to be a bug, in the following version of > bash: > * bash-4.4.23-1.fc28.x86_64 > > It is related to this error message: > * "return: can only `return' from a function or sourced

Re: bug in dirname loadable?

On 2018-12-26 at 12:35 -0500, Chet Ramey wrote: > Yes, dirname should skip over a `--' denoting the end of options. Thanks > for the report. This was fixed on bash-20181226 snapshot (89b3a79), however with this change on devel branch the basename builtin no longer compiles, as it should have also

Re: Identical function names in bash source code

On 1/5/19 1:39 PM, Eduardo Bustamante wrote: > What would you say the "suggested improvement" is here? > > To me, it reads as a generic C programming question that just happens > to use the source tree of GNU bash / GNU readline as an example. It's fine; he's just looking to understand how thing

Re: Identical function names in bash source code

On 1/5/19 1:25 PM, don fong wrote: > for my 2c, the post seems within the charter. > > quoting from the bug-bash info > page: > >> This list distributes, to the active maintainers of BASH (the Bourne Again >> SHell), bug reports and fixes for, and

Re: Identical function names in bash source code

On 1/5/19 9:19 AM, Peng Yu wrote: > Hi, > > It is not uncommon to see the same name is used to defined functions > in different .c files in bash source code. "Not uncommon" is stretching it, since it happens in only one place: lib/readline/shell.c. > For example, sh_single_quote is defined in bo

Re: problem with bash script loading

On 1/5/19 3:28 AM, Paulo Nogueira wrote: >  What occurred to me is the following: suppose a script s1 starts >  being executed, by forking say, and then s1 is overwritten; bash >  detects this and re-reads the file. Bash doesn't do that. > OK, then exactly where does >  bash continue executing