[Bug 1422795] Re: bash crashes often if inputrc contains revert-all-at-newline

Philipp Kern 1422795 at bugs.launchpad.net
Thu Nov 3 12:24:17 UTC 2016 

https://launchpadlibrarian.net/221500232/bash-readline-revert.debdiff
should still be valid to apply to bash as-is on trusty and the problem
has been fixed in utopic and up already. Thanks to Laney to accept the
bug nomination, which finally caused this bug to enter the sponsoring
queue (http://reqorts.qa.ubuntu.com/reports/sponsoring/index.html).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1422795

Title:
  bash crashes often if inputrc contains revert-all-at-newline

Status in bash package in Ubuntu:
  Fix Released
Status in bash source package in Trusty:
  New
Status in bash package in Debian:
  Fix Released

Bug description:
  Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747341
  The Debian bug includes complete reproduction case. Basically:
  with .inputrc containing
  set revert-all-at-newline On

  Go back in the commandline history, edit a command, then submit a different command (may be empty)
  Such as:
  $ ls something
  $ <UP><CTRL+W><DOWN><ENTER>

  Attached diff is confirmed to fix the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: bash 4.3-7ubuntu1.5 [origin: goobuntu-trusty-testing-desktop]
  ProcVersionSignature: Ubuntu 3.13.0-44.73-generic 3.13.11-ckt12
  Uname: Linux 3.13.0-44-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Tue Feb 17 15:49:30 2015
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.bash.bashrc: [modified]
  mtime.conffile..etc.bash.bashrc: 2015-01-27T03:27:18.751405

  
  [Test Case]

  Adapted from the Debian bug report:

  1. echo "set revert-all-at-newline on" > bug.inputrc
  2. INPUTRC=bug.inputrc bash
  3. echo hello
  4. ^P^U^N^M  [Hold down control and type "punm".]

  Bash should die immediately with SIGABRT.

  
  [Regression Potential]

  Relatively low.

  The change has no effect at all unless _rl_revert_all_lines() is called,
  which only happens if revert-all-at-newline is set, and then only when a
  newline is typed.  So, the potential for regression is essentially zero for
  non-interactive shells and for anyone not using revert-all-at-newline (which
  is not the default).

  Further, this change appeared upstream and in both Debian and Ubuntu over
  a year ago, so it's had plenty of public testing.

  lib/readline/misc.c:_rl_revert_all_lines() contains a loop which iterates
  over history entries, reverting changes to each history entry.  This patch
  causes entry->data, which points to the per-entry undo list, to be cleared
  before reverting edits rather than after.  At first glance, this shouldn't
  make any difference.  However, it prevents rl_do_undo() from replacing the
  history entry with one reflecting the change.  Otherwise, the entry gets
  freed, leaving _rl_revert_all_lines() with an invalid pointer.

  _Not_ having an invalid pointer and double-free certainly can't be worse
  than the current situation.  Since we're avoiding is making the pointer
  invalid rather than not doing the free, the chance of a new leak is pretty
  much nonexistent.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1422795/+subscriptions

More information about the foundations-bugs mailing list