Segfault with very large extended glob patterns #207

hyenias · 2021-03-04T23:29:47Z

To bring this current memory fault back up to light as it was masked over with other material from att#1464 by @jghub . On my macOS box, this still happens:

A little redo of the test to help me find my memory fault spot:

$ x=6801 ksh -c $'[[ $( printf \'a%.0s\' {0..$x} ) == +(a) ]] && print match!'
Memory fault

with a similar original test:

$ ksh -c 'v=a; s=; for ((i=0; i < 6801; ++i)); do s+=$v; done; [[ $s == +($v) ]]'
Memory fault

Not sure if this still can be fixed or not. I would hope if some sort of recursion limit (as suggested by the original issue) was reached ksh would error out with an message.

McDutchie · 2021-03-05T01:35:01Z

I don't think I can fix this as I believe it involves rewriting the libast pattern matching engine to avoid using so much recursion. That is simply beyond me. Someone else will need to have a go at that.

McDutchie · 2021-03-07T10:14:46Z

The excessive recursion happens here. (Ignore # 0 as that just happens to be where the stack finally overflowed that time. Recursion backtrace starts from # 1.)

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ksh                           	0x000000010392b4a8 parse + 3468 (regnexec.c:1184)
1   ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
2   ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
3   ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
4   ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
5   ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
6   ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
7   ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
8   ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
9   ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
10  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
11  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
12  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
13  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
14  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
15  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
16  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
17  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
18  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
19  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
20  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
21  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
22  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
23  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
24  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
25  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
26  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
27  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
28  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
29  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
30  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
31  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
32  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
33  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
34  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
35  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
36  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
37  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
38  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
39  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
40  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
41  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
42  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
43  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
44  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
45  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
46  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
47  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
48  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
49  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
50  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
51  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
52  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
53  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
54  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
55  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
56  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
57  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
58  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
59  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
60  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
61  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
62  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
63  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
64  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
65  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
66  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
67  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
68  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
69  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
70  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
71  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
72  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
73  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
74  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
75  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
76  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
77  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
78  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
79  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
80  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
81  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
82  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
83  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
84  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
85  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
86  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
87  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
88  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
89  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
90  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
91  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
92  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
93  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
94  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
95  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
96  ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
97  ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
98  ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
99  ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
100 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
101 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
102 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
103 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
104 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
105 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
106 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
107 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
108 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
109 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
110 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
111 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
112 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
113 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
114 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
115 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
116 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
117 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
118 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
119 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
120 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
121 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
122 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
123 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
124 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
125 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
126 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
127 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
128 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
129 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
130 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
131 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
132 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
133 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
134 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
135 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
136 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
137 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
138 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
139 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
140 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
141 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
142 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
143 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
144 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
145 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
146 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
147 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
148 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
149 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
150 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
151 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
152 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
153 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
154 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
155 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
156 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
157 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
158 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
159 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
160 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
161 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
162 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
163 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
164 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
165 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
166 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
167 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
168 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
169 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
170 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
171 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
172 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
173 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
174 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
175 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
176 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
177 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
178 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
179 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
180 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
181 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
182 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
183 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
184 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
185 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
186 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
187 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
188 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
189 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
190 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
191 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
192 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
193 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
194 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
195 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
196 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
197 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
198 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
199 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
200 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
201 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
202 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
203 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
204 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
205 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
206 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
207 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
208 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
209 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
210 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
211 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
212 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
213 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
214 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
215 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
216 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
217 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
218 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
219 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
220 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
221 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
222 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
223 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
224 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
225 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
226 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
227 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
228 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
229 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
230 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
231 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
232 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
233 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
234 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
235 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
236 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
237 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
238 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
239 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
240 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
241 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
242 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
243 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
244 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
245 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
246 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
247 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
248 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
249 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
250 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
251 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
252 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
253 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
254 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
255 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
256 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
257 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
258 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
259 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
260 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
261 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
262 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
263 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
264 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
265 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
266 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
267 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
268 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
269 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
270 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
271 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
272 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
273 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
274 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
275 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
276 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
277 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
278 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
279 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
280 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
281 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
282 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
283 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
284 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
285 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
286 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
287 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
288 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
289 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
290 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
291 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
292 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
293 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
294 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
295 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
296 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
297 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
298 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
299 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
300 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
301 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
302 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
303 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
304 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
305 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
306 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
307 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
308 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
309 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
310 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
311 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
312 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
313 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
314 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
315 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
316 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
317 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
318 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
319 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
320 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
321 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
322 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
323 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
324 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
325 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
326 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
327 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
328 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
329 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
330 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
331 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
332 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
333 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
334 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
335 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
336 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
337 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
338 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
339 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
340 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
341 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
342 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
343 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
344 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
345 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
346 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
347 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
348 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
349 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
350 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
351 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
352 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
353 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
354 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
355 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
356 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
357 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
358 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
359 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
360 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
361 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
362 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
363 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
364 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
365 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
366 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
367 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
368 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
369 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
370 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
371 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
372 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
373 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
374 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
375 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
376 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
377 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
378 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
379 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
380 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
381 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
382 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
383 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
384 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
385 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
386 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
387 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
388 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
389 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
390 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
391 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
392 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
393 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
394 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
395 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
396 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
397 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
398 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
399 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
400 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
401 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
402 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
403 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
404 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
405 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
406 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
407 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
408 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
409 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
410 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
411 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
412 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
413 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
414 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
415 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
416 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
417 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
418 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
419 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
420 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
421 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
422 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
423 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
424 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
425 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
426 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
427 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
428 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
429 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
430 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
431 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
432 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
433 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
434 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
435 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
436 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
437 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
438 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
439 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
440 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
441 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
442 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
443 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
444 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
445 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
446 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
447 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
448 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
449 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
450 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
451 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
452 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
453 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
454 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
455 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
456 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
457 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
458 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
459 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
460 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
461 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
462 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
463 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
464 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
465 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
466 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
467 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
468 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
469 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
470 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
471 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
472 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
473 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
474 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
475 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
476 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
477 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
478 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
479 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
480 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
481 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
482 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
483 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
484 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
485 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
486 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
487 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
488 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
489 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
490 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
491 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
492 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
493 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
494 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
495 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
496 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
497 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
498 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
499 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
500 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
501 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
502 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
503 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
504 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
505 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
506 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
507 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)
508 ksh                           	0x000000010392c578 parse + 7772 (regnexec.c:1193)
509 ksh                           	0x000000010392dcc5 parserep + 393 (regnexec.c:446)
510 ksh                           	0x000000010392c11d parse + 6657 (regnexec.c:1699)
511 ksh                           	0x000000010392c073 parse + 6487 (regnexec.c:1210)

McDutchie · 2021-03-07T11:51:11Z

See also #144 which was due to the same design flaw. The fix there was to simply refuse to match excessively long command names to a regex. Of course such a workaround can't apply here.

JohnoKing · 2022-02-01T11:35:48Z

Since this involves a design flaw in the regex engine I'm not sure if this is of much help, but I'll note that this crash first occurs in 2005-05-22 ksh93q+ (earlier versions don't segfault when running the reproducer).

Edit: Using the previous version of expand.c with git checkout 2005-03-19 -- src/cmd/ksh93/sh/expand.c in ksh93q+ is enough to avoid the segfault. Replacing the libast regex engine had no effect.

phidebian · 2022-10-09T06:33:09Z

I think there are 2 problems here.

[[ string == pattern ]] construct is for 'pattern' matching not RE (ERE, etc...) this is a globbing pattern. Then the string is in fact a path name and as such should be limited to PATH_MAX as done an many other places (like path.c). An upfront string length in the glob API would prevent the core dump. And should not generate any regression since before it was a core dump. Except if globbing pattern matching was abused by programmers to match things that are not path names.
Assuming a reject of 1) i.e we accept globbing pattern abuse, then parse() recklessly abuse recursion, i.e don't limit itself to a reasonable recursion deep (as sh_funscope does).

This is fixable by 2 means

2.1 Accept an hardcoded limit (smallest max stack deep from all supported OSes) as sh_funscope does.
2.2. Implement a stack limit reaching check in parse() recursion (i.e when getting close to the end of stack, throw an errormsg(), this would automatically adapt to OSes configurations.

Note that ksh handle ERE correctly on long input

[[ $(printf '%06800d' 0) =~ 0+ ]] && echo yes           
yes

Only [[ == ]] is abused.

I could proceed with any of those fix if you want to.

Cheers.

phidebian · 2022-10-09T07:29:24Z

Just checked bash, it crash the same way, yet the limit is higher, but still core dumps.

$ [[ $(printf '%0100000d' 0) == +(0) ]] && echo yes
Program received signal SIGSEGV, Segmentation fault.

With stack overflow.

So may be we should just leave it (close it?) as it is with 'bash bug compatible' status.

My prefered fix is 2.2 though, if we want to address this.

McDutchie · 2023-03-05T12:21:32Z

[[ string == pattern ]] construct is for 'pattern' matching not RE (ERE, etc...) this is a globbing pattern. Then the string is in fact a path name

This is not correct. Globs in Bourne and derived shells have never been exclusively for path names, they've always been used to match arbitrary values (e.g., in the case construct). The special handling of the pathname component separator / is disabled in that case so that wildcard characters will match it, e.g., ls *.txt will not list foo/bar.txt but case foo/bar.txt in *.txt) echo yes;; esac will output yes. This is not abuse, it's as designed and intended.

This is fixable by 2 means

2.1 Accept an hardcoded limit (smallest max stack deep from all supported OSes) as sh_funscope does.

2.2. Implement a stack limit reaching check in parse() recursion (i.e when getting close to the end of stack, throw an errormsg(), this would automatically adapt to OSes configurations.

My understanding is that it is basically impossible to check this reliably at runtime in C. Do you have knowledge otherwise? If this can be done well, it would be good to do this in sh_funscope() too. But, AFAIK, no shell does this, which makes me suspect it's not feasible.

But, returning to the bug at hand, there should also be a 3.3: somehow find a way to modify the algorithm so that it doesn't use four recursive C function calls for every consecutive a that matches a +(a) pattern, so that long strings can be matched without error. That would be the best option. The question is how.

phidebian · 2023-03-06T07:08:27Z

You are right, and I was wrong, I learned the semantic of globbing the hard way, bare in mind english is not my mother tong, it took me a while to understand that globbing meant yet another RE name, like RE, ERE, PCRE, and globbing, because it is the only one not named RE, I thought it was special, i.e for file path matching :-)

Regarding 3.3, not sure it is good enough, even if the 4 function are flattened (not even sure it can) it would just bumb the number of iterations before crash, basically 4x more call possible, but overflowing the stack is still what will happen.

Since crashing IMHO is bad IMHO, a developer may like to recover (bookeeping) before exiting. Having a limit on recursion depth is what is done so far for 'shell' function call, recursion break before crashing the whole thing, so that's why I proposed to set an hard limit on RE recursion level, this is simple to do, cost an integer check on each recursion function entry, and it doesn't change the algorithm (beside the depth check).

McDutchie · 2024-11-30T00:13:28Z

There is another excessive recursion problem in seq() in regcomp.c.

When the regression tests are run on a ksh compiled with AddressSanitizer a.k.a. ASan (which increases C heap usage and thus reduces maximum recursion before segfault), this test fails:

ksh/src/cmd/ksh93/tests/arrays.sh

Lines 609 to 630 in 70a0032

    
           # test for cloning a very large indexed array - can core dump 
        
           (	 
        
               trap 'x=$?;exit $(( $x!=0 ))' EXIT 
        
               $SHELL <<- \EOF 
        
           	( 
        
           		print '(' 
        
           		integer i 
        
           		for ((i=0 ; i < 16384 ; i++ )) ; do 
        
                           	printf '\tinteger var%i=%i\n' i i 
        
                   	done 
        
                   	printf 'typeset -a ar=(\n' 
        
           		for ((i=0 ; i < 16384 ; i++ )) ; do 
        
           			printf '\t[%d]=%d\n' i i 
        
           		done 
        
           		print ')' 
        
           		print ')' 
        
           	) | read -C hugecpv 
        
           	compound hugecpv2=hugecpv 
        
           	v=$(typeset -p hugecpv) 
        
           	[[ ${v/hugecpv/hugecpv2} == "$(typeset -p hugecpv2)" ]] 
        
           EOF 
        
           ) 2> /dev/null || err_exit 'copying a large array fails'

The crash happens on line 628, as the == operator of [[…]] invokes the regex code. So copying the array works just fine, it's at the check that it crashes.

When we remove the 2>/dev/null from line 630 to see what's going on, we see this ASan stack trace:

$ bin/shtests -p arrays
#### Regression-testing /usr/local/src/ksh93/ksh/arch.ASan/darwin.arm64-64/dyn/bin/ksh ####
test arrays begins at 2024-11-30+00:00:33
AddressSanitizer:DEADLYSIGNAL
=================================================================
==24373==ERROR: AddressSanitizer: stack-overflow on address 0x00016ac73e00 (pc 0x00010574054c bp 0x00016ac748c0 sp 0x00016ac73e00 T0)
    #0 0x10574054c in magic regcomp.c
    #1 0x10572b2c0 in token regcomp.c:1019
    #2 0x10572b540 in seq regcomp.c:2599
    #3 0x10572c788 in seq regcomp.c:2683
    #4 0x10572c788 in seq regcomp.c:2683
    #5 0x10572c788 in seq regcomp.c:2683
    #6 0x10572c788 in seq regcomp.c:2683
    #7 0x10572c788 in seq regcomp.c:2683
    #8 0x10572c788 in seq regcomp.c:2683
    #9 0x10572c788 in seq regcomp.c:2683
    #10 0x10572c788 in seq regcomp.c:2683
    #11 0x10572c788 in seq regcomp.c:2683
    #12 0x10572c788 in seq regcomp.c:2683
    #13 0x10572c788 in seq regcomp.c:2683
    #14 0x10572c788 in seq regcomp.c:2683
    #15 0x10572c788 in seq regcomp.c:2683
    #16 0x10572c788 in seq regcomp.c:2683
    #17 0x10572c788 in seq regcomp.c:2683
    #18 0x10572c788 in seq regcomp.c:2683
    #19 0x10572c788 in seq regcomp.c:2683
    #20 0x10572c788 in seq regcomp.c:2683
    #21 0x10572c788 in seq regcomp.c:2683
    #22 0x10572c788 in seq regcomp.c:2683
    #23 0x10572c788 in seq regcomp.c:2683
    #24 0x10572c788 in seq regcomp.c:2683
    #25 0x10572c788 in seq regcomp.c:2683
    #26 0x10572c788 in seq regcomp.c:2683
    #27 0x10572c788 in seq regcomp.c:2683
    #28 0x10572c788 in seq regcomp.c:2683
    #29 0x10572c788 in seq regcomp.c:2683
    #30 0x10572c788 in seq regcomp.c:2683
    #31 0x10572c788 in seq regcomp.c:2683
    #32 0x10572c788 in seq regcomp.c:2683
    #33 0x10572c788 in seq regcomp.c:2683
    #34 0x10572c788 in seq regcomp.c:2683
    #35 0x10572c788 in seq regcomp.c:2683
    #36 0x10572c788 in seq regcomp.c:2683
    #37 0x10572c788 in seq regcomp.c:2683
    #38 0x10572c788 in seq regcomp.c:2683
    #39 0x10572c788 in seq regcomp.c:2683
    #40 0x10572c788 in seq regcomp.c:2683
    #41 0x10572c788 in seq regcomp.c:2683
    #42 0x10572c788 in seq regcomp.c:2683
    #43 0x10572c788 in seq regcomp.c:2683
    #44 0x10572c788 in seq regcomp.c:2683
    #45 0x10572c788 in seq regcomp.c:2683
    #46 0x10572c788 in seq regcomp.c:2683
    #47 0x10572c788 in seq regcomp.c:2683
    #48 0x10572c788 in seq regcomp.c:2683
    #49 0x10572c788 in seq regcomp.c:2683
    #50 0x10572c788 in seq regcomp.c:2683
    #51 0x10572c788 in seq regcomp.c:2683
    #52 0x10572c788 in seq regcomp.c:2683
    #53 0x10572c788 in seq regcomp.c:2683
    #54 0x10572c788 in seq regcomp.c:2683
    #55 0x10572c788 in seq regcomp.c:2683
    #56 0x10572c788 in seq regcomp.c:2683
    #57 0x10572c788 in seq regcomp.c:2683
    #58 0x10572c788 in seq regcomp.c:2683
    #59 0x10572c788 in seq regcomp.c:2683
    #60 0x10572c788 in seq regcomp.c:2683
    #61 0x10572c788 in seq regcomp.c:2683
    #62 0x10572c788 in seq regcomp.c:2683
    #63 0x10572c788 in seq regcomp.c:2683
    #64 0x10572c788 in seq regcomp.c:2683
    #65 0x10572c788 in seq regcomp.c:2683
    #66 0x10572c788 in seq regcomp.c:2683
    #67 0x10572c788 in seq regcomp.c:2683
    #68 0x10572c788 in seq regcomp.c:2683
    #69 0x10572c788 in seq regcomp.c:2683
    #70 0x10572c788 in seq regcomp.c:2683
    #71 0x10572c788 in seq regcomp.c:2683
    #72 0x10572c788 in seq regcomp.c:2683
    #73 0x10572c788 in seq regcomp.c:2683
    #74 0x10572c788 in seq regcomp.c:2683
    #75 0x10572c788 in seq regcomp.c:2683
    #76 0x10572c788 in seq regcomp.c:2683
    #77 0x10572c788 in seq regcomp.c:2683
    #78 0x10572c788 in seq regcomp.c:2683
    #79 0x10572c788 in seq regcomp.c:2683
    #80 0x10572c788 in seq regcomp.c:2683
    #81 0x10572c788 in seq regcomp.c:2683
    #82 0x10572c788 in seq regcomp.c:2683
    #83 0x10572c788 in seq regcomp.c:2683
    #84 0x10572c788 in seq regcomp.c:2683
    #85 0x10572c788 in seq regcomp.c:2683
    #86 0x10572c788 in seq regcomp.c:2683
    #87 0x10572c788 in seq regcomp.c:2683
    #88 0x10572c788 in seq regcomp.c:2683
    #89 0x10572c788 in seq regcomp.c:2683
    #90 0x10572c788 in seq regcomp.c:2683
    #91 0x10572c788 in seq regcomp.c:2683
    #92 0x10572c788 in seq regcomp.c:2683
    #93 0x10572c788 in seq regcomp.c:2683
    #94 0x10572c788 in seq regcomp.c:2683
    #95 0x10572c788 in seq regcomp.c:2683
    #96 0x10572c788 in seq regcomp.c:2683
    #97 0x10572c788 in seq regcomp.c:2683
    #98 0x10572c788 in seq regcomp.c:2683
    #99 0x10572c788 in seq regcomp.c:2683
    #100 0x10572c788 in seq regcomp.c:2683
    #101 0x10572c788 in seq regcomp.c:2683
    #102 0x10572c788 in seq regcomp.c:2683
    #103 0x10572c788 in seq regcomp.c:2683
    #104 0x10572c788 in seq regcomp.c:2683
    #105 0x10572c788 in seq regcomp.c:2683
    #106 0x10572c788 in seq regcomp.c:2683
    #107 0x10572c788 in seq regcomp.c:2683
    #108 0x10572c788 in seq regcomp.c:2683
    #109 0x10572c788 in seq regcomp.c:2683
    #110 0x10572c788 in seq regcomp.c:2683
    #111 0x10572c788 in seq regcomp.c:2683
    #112 0x10572c788 in seq regcomp.c:2683
    #113 0x10572c788 in seq regcomp.c:2683
    #114 0x10572c788 in seq regcomp.c:2683
    #115 0x10572c788 in seq regcomp.c:2683
    #116 0x10572c788 in seq regcomp.c:2683
    #117 0x10572c788 in seq regcomp.c:2683
    #118 0x10572c788 in seq regcomp.c:2683
    #119 0x10572c788 in seq regcomp.c:2683
    #120 0x10572c788 in seq regcomp.c:2683
    #121 0x10572c788 in seq regcomp.c:2683
    #122 0x10572c788 in seq regcomp.c:2683
    #123 0x10572c788 in seq regcomp.c:2683
    #124 0x10572c788 in seq regcomp.c:2683
    #125 0x10572c788 in seq regcomp.c:2683
    #126 0x10572c788 in seq regcomp.c:2683
    #127 0x10572c788 in seq regcomp.c:2683
    #128 0x10572c788 in seq regcomp.c:2683
    #129 0x10572c788 in seq regcomp.c:2683
    #130 0x10572c788 in seq regcomp.c:2683
    #131 0x10572c788 in seq regcomp.c:2683
    #132 0x10572c788 in seq regcomp.c:2683
    #133 0x10572c788 in seq regcomp.c:2683
    #134 0x10572c788 in seq regcomp.c:2683
    #135 0x10572c788 in seq regcomp.c:2683
    #136 0x10572c788 in seq regcomp.c:2683
    #137 0x10572c788 in seq regcomp.c:2683
    #138 0x10572c788 in seq regcomp.c:2683
    #139 0x10572c788 in seq regcomp.c:2683
    #140 0x10572c788 in seq regcomp.c:2683
    #141 0x10572c788 in seq regcomp.c:2683
    #142 0x10572c788 in seq regcomp.c:2683
    #143 0x10572c788 in seq regcomp.c:2683
    #144 0x10572c788 in seq regcomp.c:2683
    #145 0x10572c788 in seq regcomp.c:2683
    #146 0x10572c788 in seq regcomp.c:2683
    #147 0x10572c788 in seq regcomp.c:2683
    #148 0x10572c788 in seq regcomp.c:2683
    #149 0x10572c788 in seq regcomp.c:2683
    #150 0x10572c788 in seq regcomp.c:2683
    #151 0x10572c788 in seq regcomp.c:2683
    #152 0x10572c788 in seq regcomp.c:2683
    #153 0x10572c788 in seq regcomp.c:2683
    #154 0x10572c788 in seq regcomp.c:2683
    #155 0x10572c788 in seq regcomp.c:2683
    #156 0x10572c788 in seq regcomp.c:2683
    #157 0x10572c788 in seq regcomp.c:2683
    #158 0x10572c788 in seq regcomp.c:2683
    #159 0x10572c788 in seq regcomp.c:2683
    #160 0x10572c788 in seq regcomp.c:2683
    #161 0x10572c788 in seq regcomp.c:2683
    #162 0x10572c788 in seq regcomp.c:2683
    #163 0x10572c788 in seq regcomp.c:2683
    #164 0x10572c788 in seq regcomp.c:2683
    #165 0x10572c788 in seq regcomp.c:2683
    #166 0x10572c788 in seq regcomp.c:2683
    #167 0x10572c788 in seq regcomp.c:2683
    #168 0x10572c788 in seq regcomp.c:2683
    #169 0x10572c788 in seq regcomp.c:2683
    #170 0x10572c788 in seq regcomp.c:2683
    #171 0x10572c788 in seq regcomp.c:2683
    #172 0x10572c788 in seq regcomp.c:2683
    #173 0x10572c788 in seq regcomp.c:2683
    #174 0x10572c788 in seq regcomp.c:2683
    #175 0x10572c788 in seq regcomp.c:2683
    #176 0x10572c788 in seq regcomp.c:2683
    #177 0x10572c788 in seq regcomp.c:2683
    #178 0x10572c788 in seq regcomp.c:2683
    #179 0x10572c788 in seq regcomp.c:2683
    #180 0x10572c788 in seq regcomp.c:2683
    #181 0x10572c788 in seq regcomp.c:2683
    #182 0x10572c788 in seq regcomp.c:2683
    #183 0x10572c788 in seq regcomp.c:2683
    #184 0x10572c788 in seq regcomp.c:2683
    #185 0x10572c788 in seq regcomp.c:2683
    #186 0x10572c788 in seq regcomp.c:2683
    #187 0x10572c788 in seq regcomp.c:2683
    #188 0x10572c788 in seq regcomp.c:2683
    #189 0x10572c788 in seq regcomp.c:2683
    #190 0x10572c788 in seq regcomp.c:2683
    #191 0x10572c788 in seq regcomp.c:2683
    #192 0x10572c788 in seq regcomp.c:2683
    #193 0x10572c788 in seq regcomp.c:2683
    #194 0x10572c788 in seq regcomp.c:2683
    #195 0x10572c788 in seq regcomp.c:2683
    #196 0x10572c788 in seq regcomp.c:2683
    #197 0x10572c788 in seq regcomp.c:2683
    #198 0x10572c788 in seq regcomp.c:2683
    #199 0x10572c788 in seq regcomp.c:2683
    #200 0x10572c788 in seq regcomp.c:2683
    #201 0x10572c788 in seq regcomp.c:2683
    #202 0x10572c788 in seq regcomp.c:2683
    #203 0x10572c788 in seq regcomp.c:2683
    #204 0x10572c788 in seq regcomp.c:2683
    #205 0x10572c788 in seq regcomp.c:2683
    #206 0x10572c788 in seq regcomp.c:2683
    #207 0x10572c788 in seq regcomp.c:2683
    #208 0x10572c788 in seq regcomp.c:2683
    #209 0x10572c788 in seq regcomp.c:2683
    #210 0x10572c788 in seq regcomp.c:2683
    #211 0x10572c788 in seq regcomp.c:2683
    #212 0x10572c788 in seq regcomp.c:2683
    #213 0x10572c788 in seq regcomp.c:2683
    #214 0x10572c788 in seq regcomp.c:2683
    #215 0x10572c788 in seq regcomp.c:2683
    #216 0x10572c788 in seq regcomp.c:2683
    #217 0x10572c788 in seq regcomp.c:2683
    #218 0x10572c788 in seq regcomp.c:2683
    #219 0x10572c788 in seq regcomp.c:2683
    #220 0x10572c788 in seq regcomp.c:2683
    #221 0x10572c788 in seq regcomp.c:2683
    #222 0x10572c788 in seq regcomp.c:2683
    #223 0x10572c788 in seq regcomp.c:2683
    #224 0x10572c788 in seq regcomp.c:2683
    #225 0x10572c788 in seq regcomp.c:2683
    #226 0x10572c788 in seq regcomp.c:2683
    #227 0x10572c788 in seq regcomp.c:2683
    #228 0x10572c788 in seq regcomp.c:2683
    #229 0x10572c788 in seq regcomp.c:2683
    #230 0x10572c788 in seq regcomp.c:2683
    #231 0x10572c788 in seq regcomp.c:2683
    #232 0x10572c788 in seq regcomp.c:2683
    #233 0x10572c788 in seq regcomp.c:2683
    #234 0x10572c788 in seq regcomp.c:2683
    #235 0x10572c788 in seq regcomp.c:2683
    #236 0x10572c788 in seq regcomp.c:2683
    #237 0x10572c788 in seq regcomp.c:2683
    #238 0x10572c788 in seq regcomp.c:2683
    #239 0x10572c788 in seq regcomp.c:2683
    #240 0x10572c788 in seq regcomp.c:2683
    #241 0x10572c788 in seq regcomp.c:2683
    #242 0x10572c788 in seq regcomp.c:2683
    #243 0x10572c788 in seq regcomp.c:2683
    #244 0x10572c788 in seq regcomp.c:2683
    #245 0x10572c788 in seq regcomp.c:2683
    #246 0x10572c788 in seq regcomp.c:2683
    #247 0x10572c788 in seq regcomp.c:2683
    #248 0x10572c788 in seq regcomp.c:2683
    #249 0x10572c788 in seq regcomp.c:2683
    #250 0x10572c788 in seq regcomp.c:2683
    #251 0x10572c788 in seq regcomp.c:2683
    #252 0x10572c788 in seq regcomp.c:2683
    #253 0x10572c788 in seq regcomp.c:2683
    #254 0x10572c788 in seq regcomp.c:2683
    #255 0x10572c788 in seq regcomp.c:2683

SUMMARY: AddressSanitizer: stack-overflow regcomp.c in magic
==24373==ABORTING
/usr/local/src/ksh93/ksh/src/cmd/ksh93/tests/arrays.sh: line 612: 24373: Abort
/usr/local/src/ksh93/ksh/src/cmd/ksh93/tests/arrays.sh: line 606: 24372: Hangup
	arrays.sh[630]: FAIL: copying a large array fails
test arrays failed at 2024-11-30+00:00:36 with exit code 1 [ 185 tests 1 error ]
Total errors: 1
CPU time       user:      system:
main:      0m00.073s    0m00.137s
tests:     0m01.503s    0m00.914s

So the excessive recursion happens in regcomp.c on line 2683:

ksh/src/lib/libast/regex/regcomp.c

Line 2683 in 70a0032

return cat(env, e, seq(env));

When the [[ is replaced with test "${v/hugecpv/hugecpv2}" = "$(typeset -p hugecpv2)", it works just fine, as test does not invoke the regex code.

McDutchie added bug Something is not working help wanted Extra attention is needed labels Mar 5, 2021

McDutchie changed the title ~~Segfault with extended globs~~ Segfault with very large extended glob patterns Mar 7, 2021

McDutchie mentioned this issue Feb 2, 2022

confusing behaviour of backreferences with alternation #447

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Segfault with very large extended glob patterns #207

Segfault with very large extended glob patterns #207

hyenias commented Mar 4, 2021 •

edited

Loading

McDutchie commented Mar 5, 2021

McDutchie commented Mar 7, 2021 •

edited

Loading

McDutchie commented Mar 7, 2021

JohnoKing commented Feb 1, 2022 •

edited

Loading

phidebian commented Oct 9, 2022

phidebian commented Oct 9, 2022

McDutchie commented Mar 5, 2023

phidebian commented Mar 6, 2023

McDutchie commented Nov 30, 2024 •

edited

Loading

Segfault with very large extended glob patterns #207

Segfault with very large extended glob patterns #207

Comments

hyenias commented Mar 4, 2021 • edited Loading

McDutchie commented Mar 5, 2021

McDutchie commented Mar 7, 2021 • edited Loading

McDutchie commented Mar 7, 2021

JohnoKing commented Feb 1, 2022 • edited Loading

phidebian commented Oct 9, 2022

phidebian commented Oct 9, 2022

McDutchie commented Mar 5, 2023

phidebian commented Mar 6, 2023

McDutchie commented Nov 30, 2024 • edited Loading

hyenias commented Mar 4, 2021 •

edited

Loading

McDutchie commented Mar 7, 2021 •

edited

Loading

JohnoKing commented Feb 1, 2022 •

edited

Loading

McDutchie commented Nov 30, 2024 •

edited

Loading