[Bug 1422795] Re: bash crashes often if inputrc contains revert-all-at-newline

Mathew Hodson mathew.hodson at gmail.com
Sat Nov 5 03:41:46 UTC 2016 

** Changed in: bash (Ubuntu Trusty)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1422795

Title:
  bash crashes often if inputrc contains revert-all-at-newline

Status in bash package in Ubuntu:
  Fix Released
Status in bash source package in Trusty:
  New
Status in bash package in Debian:
  Fix Released

Bug description:
  Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747341
  The Debian bug includes complete reproduction case. Basically:
  with .inputrc containing
  set revert-all-at-newline On

  Go back in the commandline history, edit a command, then submit a different command (may be empty)
  Such as:
  $ ls something
  $ <UP><CTRL+W><DOWN><ENTER>

  Attached diff is confirmed to fix the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: bash 4.3-7ubuntu1.5 [origin: goobuntu-trusty-testing-desktop]
  ProcVersionSignature: Ubuntu 3.13.0-44.73-generic 3.13.11-ckt12
  Uname: Linux 3.13.0-44-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Tue Feb 17 15:49:30 2015
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.bash.bashrc: [modified]
  mtime.conffile..etc.bash.bashrc: 2015-01-27T03:27:18.751405

  
  [Test Case]

  Adapted from the Debian bug report:

  1. echo "set revert-all-at-newline on" > bug.inputrc
  2. INPUTRC=bug.inputrc bash
  3. echo hello
  4. ^P^U^N^M  [Hold down control and type "punm".]

  Bash should die immediately with SIGABRT.

  
  [Regression Potential]

  Relatively low.

  The change has no effect at all unless _rl_revert_all_lines() is called,
  which only happens if revert-all-at-newline is set, and then only when a
  newline is typed.  So, the potential for regression is essentially zero for
  non-interactive shells and for anyone not using revert-all-at-newline (which
  is not the default).

  Further, this change appeared upstream and in both Debian and Ubuntu over
  a year ago, so it's had plenty of public testing.

  lib/readline/misc.c:_rl_revert_all_lines() contains a loop which iterates
  over history entries, reverting changes to each history entry.  This patch
  causes entry->data, which points to the per-entry undo list, to be cleared
  before reverting edits rather than after.  At first glance, this shouldn't
  make any difference.  However, it prevents rl_do_undo() from replacing the
  history entry with one reflecting the change.  Otherwise, the entry gets
  freed, leaving _rl_revert_all_lines() with an invalid pointer.

  _Not_ having an invalid pointer and double-free certainly can't be worse
  than the current situation.  Since we're avoiding is making the pointer
  invalid rather than not doing the free, the chance of a new leak is pretty
  much nonexistent.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1422795/+subscriptions

More information about the Ubuntu-sponsors mailing list