Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cwjcc!cwns5!chet
From: chet@cwns5.INS.CWRU.Edu (Chet Ramey)
Newsgroups: gnu.bash.bug
Subject: Re: core dump when ls aliased and globbing done
Summary: Fix enclosed
Message-ID: <362@cwjcc.CWRU.Edu>
Date: 15 Jun 89 13:00:22 GMT
References: <8906141821.AA01625@xagsun.epm.ornl.gov>
Sender: news@cwjcc.CWRU.Edu
Reply-To: chet@cwns5.INS.CWRU.Edu (Chet Ramey)
Distribution: gnu
Organization: Case Western Reserve Univ. Cleveland, Ohio, (USA)
Lines: 42

In article <8906141821.AA01625@xagsun.epm.ornl.gov> romine@XAGSUN.EPM.ORNL.GOV (Charles H. Romine) writes:
>alias ls='ls -F'
>bash dumps core on the following keyboard input (assume `bash>' is
>the prompt):
>
>bash>ls -l g*
>
>Note that bash does *not* dump core if
>
>1) the extra space before the g is suppressed
>2) ls is unaliased
>3) no wildcards are used

What is happening is that this is tickling the one spot in expand_alias
where copying into a string is not checked for overflow. It has to do with
the way bash discards whitespace when expanding an alias.

Here's a 2-line diff to alias.c that seems to fix the problem.

*** bash-0.99/alias.c Thu Jun 8 02:51:51 1989 --- src-0.99/alias.c Wed Jun 14 18:51:51 1989 *************** *** 169,172 j = strlen (line); strncpy (line + j, string + start, i - start); line[j + (i - start)] = '\0'; --- 169,174 ----- j = strlen (line); + if ((1 + j + i - start) >= line_len) + line = (char *) xrealloc(line, line_len += (50 + i - start));

Chet Ramey
Network Services Group, CWRU
chet@{cwjcc,pirate}.INS.CWRU.Edu

"The flagon with the dragon has the potion with the poison;
the vessel with the pestle holds the brew that is true!"
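
Review bot: In the two added lines after `j = strlen (line);`, the growth of `50 + i - start` is enough for the following `strncpy` and terminator only if `j` is already below `line_len` on entry, so a one-line comment stating that invariant (and why 50 bytes of slack) would make the check easier to audit. Since the message describes this as the one unchecked copy in expand_alias, consider moving the check-and-grow into a small helper that every append to `line` goes through, so the next copy site cannot omit it. The `>=` also reallocates when the result would fit exactly, which is harmless. If `line` is handed back to a caller or aliased elsewhere in the function, confirm the pointer returned by `xrealloc` is the one that gets used afterwards; that is not visible in this hunk.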