bash crashes often if inputrc contains revert-all-at-newline
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bash (Debian) |
Fix Released
|
Unknown
|
|||
bash (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Unassigned |
Bug Description
Debian bug: https:/
The Debian bug includes complete reproduction case. Basically:
with .inputrc containing
set revert-
Go back in the commandline history, edit a command, then submit a different command (may be empty)
Such as:
$ ls something
$ <UP><CTRL+
Attached diff is confirmed to fix the issue.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: bash 4.3-7ubuntu1.5 [origin: goobuntu-
ProcVersionSign
Uname: Linux 3.13.0-44-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Tue Feb 17 15:49:30 2015
SourcePackage: bash
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
[Test Case]
Adapted from the Debian bug report:
1. echo "set revert-
2. INPUTRC=bug.inputrc bash
3. echo hello
4. ^P^U^N^M [Hold down control and type "punm".]
Bash should die immediately with SIGABRT.
[Regression Potential]
Relatively low.
The change has no effect at all unless _rl_revert_
which only happens if revert-
newline is typed. So, the potential for regression is essentially zero for
non-interactive shells and for anyone not using revert-
is not the default).
Further, this change appeared upstream and in both Debian and Ubuntu over
a year ago, so it's had plenty of public testing.
lib/readline/
over history entries, reverting changes to each history entry. This patch
causes entry->data, which points to the per-entry undo list, to be cleared
before reverting edits rather than after. At first glance, this shouldn't
make any difference. However, it prevents rl_do_undo() from replacing the
history entry with one reflecting the change. Otherwise, the entry gets
freed, leaving _rl_revert_
_Not_ having an invalid pointer and double-free certainly can't be worse
than the current situation. Since we're avoiding is making the pointer
invalid rather than not doing the free, the chance of a new leak is pretty
much nonexistent.
tags: | added: patch |
tags: | added: patch-accepted-debian |
Changed in bash (Debian): | |
status: | Unknown → Fix Released |
Changed in bash (Ubuntu): | |
importance: | Undecided → High |
status: | Confirmed → Fix Released |
affects: | gnubash → ubuntu-translations |
no longer affects: | ubuntu-translations |
Changed in bash (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in bash (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in bash (Ubuntu Trusty): | |
status: | Confirmed → In Progress |
tags: |
added: verification-done removed: verification-needed |
tags: |
added: verification-failed removed: verification-done |
Note that the odd origin is due to the way we mirror. The package is the (unmodified) 4.3-7ubuntu1.5 package as distributed in Ubuntu.