'=~' crash on NetBSD


'=~' crash on NetBSD

Martijn Dekker
On NetBSD, bash (all versions, including current git) dumps core when
using [[ to match against an ERE containing certain UTF-8 characters,
for example, É ($'\303\211').

| $ bin/bash-5.0-debug -c "[[ c =~ $'\303\211' ]]"
|
| malloc: unknown:0: assertion botched
| malloc: 0x81ba08: allocated: last allocated from unknown:0
| free: start and end chunk sizes differ
| Aborting...Abort trap (core dumped)

If it helps, here's a backtrace generated from the core file by 'gdb'.
It seems to suggest that only the first byte of the UTF-8 character is
included in the pattern...

#0  0x00007ae3a22fe48a in _lwp_kill () from /usr/lib/libc.so.12
#1  0x00007ae3a22fdd32 in abort () from /usr/lib/libc.so.12
#2  0x000000000043492e in programming_error (
     format=0x5213d8 "free: start and end chunk sizes differ")
     at error.c:175
#3  0x00000000004f3e78 in xbotch (mem=0x81ba08, e=8,
     s=0x5213d8 "free: start and end chunk sizes differ", file=0x0, line=0)
     at malloc.c:358
#4  0x00000000004f4e40 in internal_free (mem=0x81ba08, file=0x0, line=0,
     flags=0) at malloc.c:964
#5  0x00000000004f5a1e in free (mem=0x81ba08) at malloc.c:1392
#6  0x00000000004b3c02 in sh_regmatch (string=0x806358 "c",
     pattern=0x819d28 "\303", flags=3) at shmatch.c:118
#7  0x0000000000424c28 in execute_cond_node (cond=0x819a48)
     at execute_cmd.c:3884
#8  0x0000000000424e3f in execute_cond_command (cond_command=0x819a48)
     at execute_cmd.c:3959
#9  0x000000000041fb34 in execute_command_internal (command=0x819a88,
     asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x8199e8)
     at execute_cmd.c:1029
#10 0x0000000000492b38 in parse_and_execute (
     string=0x805188 "[[ c =~ \303 ]]", from_file=0x4fe190 "-c", flags=4)
     at evalstring.c:460
#11 0x0000000000406452 in run_one_command (
     command=0x7f7fffb6ca46 "[[ c =~ \303 ]]") at shell.c:1436
#12 0x00000000004055f8 in main (argc=3, argv=0x7f7fffb6c468,
     env=0x7f7fffb6c488) at shell.c:738


--
modernish -- harness the shell
https://github.com/modernish/modernish


Re: '=~' crash on NetBSD

Chet Ramey
On 5/6/20 2:08 PM, Martijn Dekker wrote:

> On NetBSD, bash (all versions, including current git) dumps core when using
> [[ to match against an ERE containing certain UTF-8 characters, for
> example, É ($'\303\211').
>
> | $ bin/bash-5.0-debug -c "[[ c =~ $'\303\211' ]]"
> |
> | malloc: unknown:0: assertion botched
> | malloc: 0x81ba08: allocated: last allocated from unknown:0
> | free: start and end chunk sizes differ
> | Aborting...Abort trap (core dumped)

What version of NetBSD? I don't run NetBSD, and I can't reproduce this on
other platforms, so I'll have to go searching for something.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    [hidden email]    http://tiswww.cwru.edu/~chet/


Re: '=~' crash on NetBSD

Martijn Dekker
On 07-05-20 at 14:20, Chet Ramey wrote:

> On 5/6/20 2:08 PM, Martijn Dekker wrote:
>> On NetBSD, bash (all versions, including current git) dumps core when using
>> [[ to match against an ERE containing certain UTF-8 characters, for
>> example, É ($'\303\211').
>>
>> | $ bin/bash-5.0-debug -c "[[ c =~ $'\303\211' ]]"
>> |
>> | malloc: unknown:0: assertion botched
>> | malloc: 0x81ba08: allocated: last allocated from unknown:0
>> | free: start and end chunk sizes differ
>> | Aborting...Abort trap (core dumped)
>
> What version of NetBSD? I don't run NetBSD, and I can't reproduce this on
> other platforms, so I'll have to go searching for something.

Sorry about that omission. I've tested NetBSD 8.0, 8.1 and 9.0 (all
amd64) and the bug occurs on all of these.

If it helps, sdf.org will give you a free NetBSD 8.1 user account with
access to gcc.

- M.

--
modernish -- harness the shell
https://github.com/modernish/modernish


Re: '=~' crash on NetBSD

Chet Ramey
On 5/7/20 10:55 AM, Martijn Dekker wrote:

> On 07-05-20 at 14:20, Chet Ramey wrote:
>> On 5/6/20 2:08 PM, Martijn Dekker wrote:
>>> On NetBSD, bash (all versions, including current git) dumps core when using
>>> [[ to match against an ERE containing certain UTF-8 characters, for
>>> example, É ($'\303\211').
>>>
>>> | $ bin/bash-5.0-debug -c "[[ c =~ $'\303\211' ]]"
>>> |
>>> | malloc: unknown:0: assertion botched
>>> | malloc: 0x81ba08: allocated: last allocated from unknown:0
>>> | free: start and end chunk sizes differ
>>> | Aborting...Abort trap (core dumped)
>>
>> What version of NetBSD? I don't run NetBSD, and I can't reproduce this on
>> other platforms, so I'll have to go searching for something.
>
> Sorry about that omission. I've tested NetBSD 8.0, 8.1 and 9.0 (all amd64)
> and the bug occurs on all of these.

It dies in regfree(). The pattern is correct at entry ("\303\211"), and
none of the allocations and frees in sh_regmatch fail. I'm calling it a
NetBSD bug.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    [hidden email]    http://tiswww.cwru.edu/~chet/
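
The regcomp()/regexec()/regfree() sequence discussed in this thread, run outside bash so that a libc regex fault can be separated from the shell, as an added example that is not part of the original messages or of bash. The names `ere_roundtrip` and `PATTERN` are hypothetical, and the regcomp flags are an assumption rather than the ones bash passes.

```c
/* Added example: exercise the POSIX regex calls from the thread outside bash. */
#include <locale.h>
#include <regex.h>
#include <stdio.h>

/* Pattern from the report: the two bytes \303\211 (UTF-8 for É). */
static const char PATTERN[] = "\303\211";

/*
 * Compile `pattern` as an ERE, match it against `subject`, then free it.
 * Returns 0 on a match, REG_NOMATCH on no match, -1 if regcomp() fails.
 * The regfree() call is the step the thread identifies as the crash site.
 */
int ere_roundtrip(const char *pattern, const char *subject)
{
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);

    if (rc != 0) {
        char msg[128];
        regerror(rc, &re, msg, sizeof msg);
        fprintf(stderr, "regcomp: %s\n", msg);
        return -1;
    }
    rc = regexec(&re, subject, 0, NULL, 0);
    regfree(&re);
    return rc;
}

int main(void)
{
    /* Take the locale from the environment, e.g. LC_ALL=en_US.UTF-8,
       so the pattern is parsed as one multibyte character. */
    if (setlocale(LC_ALL, "") == NULL)
        fprintf(stderr, "setlocale failed; staying in the C locale\n");

    /* Same subject as the report ("c"), then the pattern against itself. */
    int miss = ere_roundtrip(PATTERN, "c");
    int hit = ere_roundtrip(PATTERN, PATTERN);

    printf("subject \"c\": %s\n", miss == REG_NOMATCH ? "no match" : "unexpected");
    printf("subject pattern bytes: %s\n", hit == 0 ? "match" : "unexpected");
    return (miss == REG_NOMATCH && hit == 0) ? 0 : 1;
}
```

The "assertion botched" message in the report is raised from the malloc.c frames in the backtrace, so this harness linked against a different allocator may exit cleanly even if the same heap inconsistency occurs; running it under a memory checker is the more reliable check.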