romine@XAGSUN.EPM.ORNL.GOV (Charles H. Romine) (06/15/89)
I know that a bug report has been `automailed' to you, but I figured it
wouldn't hurt to supply a few more details. I'm running on a Sun3/50
OS4.0.1, using the X window system version 11 release 2. Bash version
0.99, compiled with exactly one change to the Makefile (variable
`MAINTAINER'). Running the bash executable as default shell. My
`.bash_profile' file is as follows:
PS1="\h% "
ignoreeof=1
auto_resume=1
no_exit_on_failed_exec=1
nolinks=1
PATH=~/bin:/usr/gnu/bin:/usr/ucb:/bin:/usr/bin:/usr/new:/usr/local:/usr/local/bin:/etc:/usr/etc:/usr/tex/bin:/usr/local/X11.2/bin:.
export PS1 ignoreeof auto_resume no_exit_on_failed_exec nolinks PATH
alias clean='rm -f *~ .*~ core *.bak #*'
alias dvips='dvips -nodialog'
alias e=emacs
alias h=history
alias lpq='rsh seq lpq'
alias ls='ls -F'
alias more=less
alias news='/usr/local/news -a -f -b'
alias print='cat $* | rsh seq lpr -Plw1'
alias printman='cat $* | rsh seq psditroff -man -'
alias qt='cat $* | rsh seq enscript -G -fCourier-Bold8&'
alias tclean='rm -f -i *.dvi *.ps *.log *.aux *.bbl *.blg'
alias xstart='xinit .xinit > /tmp/xinit.out ; kbd_mode -a'
function look ()
{
    for v in $*
    do /usr/bin/look -df $v /usr/sun1/local/src/ispell/web | awk\
        -f /usr/sun1/u0/romine/lib/ispell/expand.new.awk
    done
}
function malias()
{
    for v in $*
    do grep $v $HOME/.mailrc
    done
}
------- end of .bash_profile file ------
bash dumps core on the following keyboard input (assume `bash>' is
the prompt):
bash>ls -l g*
Note that bash does *not* dump core if
1) the extra space before the g is suppressed
2) ls is unaliased
3) no wildcards are used
The output from the dbx command `where' gives the following:
> dbx /usr/gnu/bin/bash
Reading symbolic information...
Read 15748 symbols
(dbx) where
kill(0x45c, 0x6) at 0x2ad3c
abort() at 0x24a09
programming_error(reason = 0x233fb "*m++ == MAGIC1", arg1 = 431020, arg2 = 7), line 416 in "make_cmd.c"
realloc(mem = 0x693ac "ls -F -l ", n = 72), line 606 in "alloc-files/malloc.c"
xrealloc(pointer = 0x48 "", size = 72), line 41 in "general.c"
alias_expand(string = 0x693cc "ls -l g*"), line 225 in "alias.c"
pre_process_line(line = 0x690cc "ls -l g*", print_changes = 1, addit = 1), line 839 in "bison.simple"
shell_getc(), line 718 in "bison.simple"
read_token(command = 0), line 1003 in "bison.simple"
yylex(), line 940 in "bison.simple"
yyparse(), line 309 in "bison.simple"
read_command(), line 620 in "shell.c"
reader_loop(), line 560 in "shell.c"
main(argc = 1, argv = 0xefffbd4, env = 0xefffbdc), line 461 in "shell.c"
(dbx) quit
>
Hope this helps track it down -- I don't currently have time to debug
this myself, but I intend to do it soon.
Chuck Romine
romine@msr.epm.ornl.gov

chet@cwns5.INS.CWRU.Edu (Chet Ramey) (06/15/89)
In article <8906141821.AA01625@xagsun.epm.ornl.gov> romine@XAGSUN.EPM.ORNL.GOV (Charles H. Romine) writes:
>alias ls='ls -F'
>bash dumps core on the following keyboard input (assume `bash>' is
>the prompt):
>
>bash>ls -l g*
>
>Note that bash does *not* dump core if
>
>1) the extra space before the g is suppressed
>2) ls is unaliased
>3) no wildcards are used

What is happening is that this is tickling the one spot in expand_alias
where copying into a string is not checked for overflow. It has to do with
the way bash discards whitespace when expanding an alias.

Here's a 2-line diff to alias.c that seems to fix the problem.

*** bash-0.99/alias.c Thu Jun 8 02:51:51 1989
--- src-0.99/alias.c Wed Jun 14 18:51:51 1989
***************
*** 169,172
j = strlen (line);
strncpy (line + j, string + start, i - start);
line[j + (i - start)] = '\0';
--- 169,174 -----
j = strlen (line);
+ if ((1 + j + i - start) >= line_len)
+ line = (char *) xrealloc(line, line_len += (50 + i - start));
strncpy (line + j, string + start, i - start);
line[j + (i - start)] = '\0';

Chet Ramey
Network Services Group, CWRU
chet@{cwjcc,pirate}.INS.CWRU.Edu
"The flagon with the dragon has the potion with the poison;
the vessel with the pestle holds the brew that is true!"
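Review bot: the added bounds check before the `strncpy` grows the buffer by a relative amount (`line_len += (50 + i - start)`) rather than to a computed required size, so it is only sufficient if `j < line_len` already holds when this point is reached. That invariant is not stated anywhere in the hunk. I would compute the needed size once as `j + (i - start) + 1` (existing text, new segment, terminating NUL), grow to at least that, and add a one-line comment saying why the `1 +` is there, since the following `line[j + (i - start)] = '\0'` is the write that lands one byte past the copied segment. Two smaller points: the `line_len +=` side effect buried inside the `xrealloc` argument and the bare constant 50 would both read better as a separate, named step, and `xrealloc(line, ...` is missing the space before the parenthesis that the surrounding lines use (`strlen (line)`, `strncpy (line + j, ...`).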