https://launchpadlibrarian.net/221500232/bash-readline-revert.debdiff
should still be valid to apply to bash as-is on trusty and the problem
has been fixed in utopic and up already. Thanks to Laney for accepting the
bug nomination, which finally caused this bug to enter the sponsoring
queue (http://reqorts.qa.ubuntu.com/reports/sponsoring/index.html).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1422795

Title:
  bash crashes often if inputrc contains revert-all-at-newline

Status in bash package in Ubuntu:
  Fix Released
Status in bash source package in Trusty:
  New
Status in bash package in Debian:
  Fix Released

Bug description:
  Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747341
  The Debian bug includes a complete reproduction case. Basically:
  with .inputrc containing
  set revert-all-at-newline On

  Go back in the commandline history, edit a command, then submit a different command (may be empty)
  Such as:
  $ ls something
  $ <UP><CTRL+W><DOWN><ENTER>

  Attached diff is confirmed to fix the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: bash 4.3-7ubuntu1.5 [origin: goobuntu-trusty-testing-desktop]
  ProcVersionSignature: Ubuntu 3.13.0-44.73-generic 3.13.11-ckt12
  Uname: Linux 3.13.0-44-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Tue Feb 17 15:49:30 2015
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.bash.bashrc: [modified]
  mtime.conffile..etc.bash.bashrc: 2015-01-27T03:27:18.751405

  
  [Test Case]

  Adapted from the Debian bug report:

  1. echo "set revert-all-at-newline on" > bug.inputrc
  2. INPUTRC=bug.inputrc bash
  3. echo hello
  4. ^P^U^N^M  [Hold down control and type "punm".]

  Bash should die immediately with SIGABRT.

  
  [Regression Potential]

  Relatively low.

  The change has no effect at all unless _rl_revert_all_lines() is called,
  which only happens if revert-all-at-newline is set, and then only when a
  newline is typed.  So, the potential for regression is essentially zero for
  non-interactive shells and for anyone not using revert-all-at-newline (which
  is not the default).

  Further, this change appeared upstream and in both Debian and Ubuntu over
  a year ago, so it's had plenty of public testing.

  lib/readline/misc.c:_rl_revert_all_lines() contains a loop which iterates
  over history entries, reverting changes to each history entry.  This patch
  causes entry->data, which points to the per-entry undo list, to be cleared
  before reverting edits rather than after.  At first glance, this shouldn't
  make any difference.  However, it prevents rl_do_undo() from replacing the
  history entry with one reflecting the change.  Otherwise, the entry gets
  freed, leaving _rl_revert_all_lines() with an invalid pointer.

  _Not_ having an invalid pointer and double-free certainly can't be worse
  than the current situation.  Since what we're avoiding is making the pointer
  invalid rather than not doing the free, the chance of a new leak is pretty
  much nonexistent.
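
The ordering problem described under [Regression Potential], as an added C sketch that is not part of the bug report and is not readline's source. All names (`entry`, `pool`, `hist`, `undo_step`, `revert_all`) and the sample history are constructed; a `released` flag stands in for `free()` so the stale pointer can be counted instead of dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT readline's code: each entry has at most one undo record. */
typedef struct { char *line, *data; int released; } entry;
static entry pool[8], *hist[3]; static int used;   /* pool stands in for the heap */
static char *sdup(const char *s) { char *p = malloc(strlen(s) + 1); return p ? strcpy(p, s) : NULL; }
static entry *mk(const char *line, const char *undo) {
    entry *e = &pool[used++];
    e->line = sdup(line); e->data = undo ? sdup(undo) : NULL; e->released = 0;
    return e;
}
static void setup(void) {                      /* constructed sample history */
    for (int i = 0; i < used; i++) { free(pool[i].line); free(pool[i].data); }
    used = 0;
    hist[0] = mk("ls", "ls something");        /* edited; original kept as undo record */
    hist[1] = mk("echo hello", NULL);          /* untouched */
    hist[2] = mk("", "echo hello");            /* edited */
}

/* Undo step: while the slot still advertises this undo record, the slot is
   replaced by a fresh entry and the old one is released (freed in real code). */
static void undo_step(int pos, const char *undo) {
    entry *old = hist[pos];
    if (old->data != undo) return;
    hist[pos] = mk(undo, NULL);
    old->released = 1;
}

/* Returns how many entries the loop was still holding after their release. */
static int revert_all(int clear_first) {
    int stale = 0;
    for (int i = 0; i < 3; i++) {
        entry *e = hist[i];
        char *undo = e->data;
        if (!undo) continue;
        if (clear_first) e->data = NULL;         /* patched order: clear before undo */
        undo_step(i, undo);
        if (e->released) { stale++; continue; }  /* real code would write to and free e */
        free(e->line);
        e->line = undo;                          /* reverted text; takes ownership */
        e->data = NULL;
    }
    return stale;
}
int main(void) {
    setup(); printf("clear after undo:  %d stale entries\n", revert_all(0));
    setup(); printf("clear before undo: %d stale entries\n", revert_all(1));
    return 0;
}
```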
