Re: Bash crash
From: Chet Ramey
Subject: Re: Bash crash
Date: Wed, 21 Oct 2015 08:50:34 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

On 10/20/15 10:29 PM, Kai Wang X wrote:
> Hi Chet,
>
> Thank you for your response.
>
> But it does not make sense since sbrk failure will be checked:
>
> mp = (union mhead *) sbrk (sbrk_amt);
>
> /* Totally out of memory. */
> if ((long)mp == -1)
>   goto morecore_done;

Sure, sbrk failure is checked, but not whether it returns an invalid value.
The segmentation fault occurs when the bash malloc attempts to dereference
the value returned by sbrk. If the memory access generates a fault, it's
either 0 or out of bounds. Either way, sbrk returned a bad value without
raising an error.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
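
The gap described in the message above, as an added example that is not part of the original message and is not bash's malloc code: a wrapper that vets an sbrk-style return value beyond the `-1` test before anything dereferences it. All names (`checked_sbrk`, the `brk_status` values, the stand-in sbrk functions) are hypothetical, the stand-ins are constructed so the program never touches the real break, and the previous-break comparison assumes nothing else moves the break between the two calls.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef void *(*sbrk_fn) (intptr_t);   /* same shape as sbrk(2) */
enum brk_status { BRK_OK, BRK_ENOMEM, BRK_NULL, BRK_MISMATCH, BRK_WRAP };

/* Grow the break by amt (> 0) bytes and vet the result before use.
   Assumes no other caller moves the break between the two calls. */
enum brk_status
checked_sbrk (sbrk_fn brk, intptr_t amt, void **out)
{
  void *before = brk (0);               /* current break */
  void *mp = brk (amt);                 /* on success: the previous break */

  *out = NULL;
  if (mp == (void *) -1)
    return BRK_ENOMEM;                  /* the one case the quoted check catches */
  if (mp == NULL)
    return BRK_NULL;                    /* a 0 return is never a valid break */
  if (before != (void *) -1 && mp != before)
    return BRK_MISMATCH;                /* not the previous break */
  if ((uintptr_t) mp + (uintptr_t) amt < (uintptr_t) mp)
    return BRK_WRAP;                    /* new region wraps the address space */
  *out = mp;
  return BRK_OK;
}

/* Constructed stand-ins for sbrk, so nothing here touches the real heap. */
static char arena[4096]; static size_t used;
void *got;                              /* last vetted pointer */
void *good_sbrk (intptr_t n)
{
  if (n < 0 || used + (size_t) n > sizeof arena) return (void *) -1;
  used += (size_t) n;
  return arena + used - (size_t) n;
}
void *enomem_sbrk (intptr_t n) { return n ? (void *) -1 : (void *) arena; }
void *null_sbrk (intptr_t n)   { return n ? NULL : (void *) arena; }
void *stray_sbrk (intptr_t n)  { return n ? (void *) (uintptr_t) 0x10 : (void *) arena; }
void *top_sbrk (intptr_t n)    { (void) n; return (void *) (UINTPTR_MAX - 8); }

int main (void)
{
  sbrk_fn f[] = { good_sbrk, enomem_sbrk, null_sbrk, stray_sbrk, top_sbrk };
  for (size_t i = 0; i < sizeof f / sizeof f[0]; i++)
    printf ("case %zu -> status %d\n", i, (int) checked_sbrk (f[i], 64, &got));
  return 0;
}
```

Only the second stand-in would be caught by the `(long)mp == -1` test quoted above; the last three return values pass that test and would be dereferenced.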