Hi, I am working on a project in which I use the honggfuzz fuzzer to fuzz open source software and I decided to fuzz dash. In doing so I discovered a NULL pointer dereference in src/redir.c on line 305. Following is a backtrace as supplied by the address sanitizer:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==39623==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x0000005768ed bp 0x7ffc00273df0 sp 0x7ffc00273c60 T0)
==39623==The signal is caused by a READ memory access.
==39623==Hint: address points to the zero page.
    #0 0x5768ec in openhere /home/jfe/dash/src/redir.c:305:29
    #1 0x574d92 in openredirect /home/jfe/dash/src/redir.c:230:7
    #2 0x5737fe in redirect /home/jfe/dash/src/redir.c:121:11
    #3 0x576017 in redirectsafe /home/jfe/dash/src/redir.c:424:3
    #4 0x522326 in evalcommand /home/jfe/dash/src/eval.c:828:11
    #5 0x520010 in evaltree /home/jfe/dash/src/eval.c:288:12
    #6 0x5270da in evaltreenr /home/jfe/dash/src/eval.c:332:2
    #7 0x526f04 in evalbackcmd /home/jfe/dash/src/eval.c:640:3
    #8 0x539020 in expbackq /home/jfe/dash/src/expand.c:522:2
    #9 0x5332d7 in argstr /home/jfe/dash/src/expand.c:343:4
    #10 0x5322f7 in expandarg /home/jfe/dash/src/expand.c:196:2
    #11 0x528118 in fill_arglist /home/jfe/dash/src/eval.c:659:3
    #12 0x5213b6 in evalcommand /home/jfe/dash/src/eval.c:769:13
    #13 0x520010 in evaltree /home/jfe/dash/src/eval.c:288:12
    #14 0x554423 in cmdloop /home/jfe/dash/src/main.c:234:8
    #15 0x553bcc in main /home/jfe/dash/src/main.c:176:3
    #16 0x7f201c2b2a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #17 0x41dfb9 in _start (/home/jfe/dash/src/dash+0x41dfb9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/jfe/dash/src/redir.c:305:29 in openhere
==39623==ABORTING

This bug can be reproduced by running "dash < min" where min is the file attached. I was able to reproduce this bug with the current git version and the current debian version.
cheers project-repo
<<A `<<A(`
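A triage helper for fuzzer crash reports like the one above, added here as an example and not part of the original report or of dash: it parses an AddressSanitizer SEGV report into error kind, fault address, access type and stack frames, flags the zero-page fault as a likely NULL dereference, and derives a deduplication key from the innermost frame under the project tree. The embedded sample is abridged from the report above; the project root /home/jfe/dash comes from its paths, and the key format is an assumption of this example.

```python
import re
from dataclasses import dataclass
# Constructed sample input: the ASan report quoted in the dash bug report above, abridged to three frames.
SAMPLE_REPORT = """\
==39623==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x0000005768ed bp 0x7ffc00273df0 sp 0x7ffc00273c60 T0)
==39623==The signal is caused by a READ memory access.
==39623==Hint: address points to the zero page.
    #0 0x5768ec in openhere /home/jfe/dash/src/redir.c:305:29
    #1 0x574d92 in openredirect /home/jfe/dash/src/redir.c:230:7
    #16 0x7f201c2b2a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
"""
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+) \(pc (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"signal is caused by a (READ|WRITE) memory access")
# Frame line: "#N 0xADDR in func /path/file.c:LINE:COL", or "in func (module+offset)" without debug info.
FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+?)(?::(\d+)(?::\d+)?)?$")

@dataclass
class AsanReport:
    kind: str            # e.g. "SEGV"
    fault_address: int
    pc: int
    access: str          # "READ", "WRITE" or "" when ASan does not say
    frames: list         # (index, function, location, line-or-None), innermost first
    def is_null_deref(self, page_size=4096):
        # A SEGV inside the zero page is almost always a NULL (or NULL + small field offset) dereference.
        return self.kind == "SEGV" and self.fault_address < page_size
    def crash_frame(self, project_root):
        # Innermost frame in the project's own sources; libc/sanitizer frames are skipped for bucketing.
        return next((f for f in self.frames if f[2].startswith(project_root)), self.frames[0])

def parse_asan_report(text):
    kind = addr = pc = None
    access, frames = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if m := ERROR_RE.match(line):
            kind, addr, pc = m[1], int(m[2], 16), int(m[3], 16)
        elif m := ACCESS_RE.search(line):
            access = m[1]
        elif m := FRAME_RE.match(line):
            frames.append((int(m[1]), m[2], m[3], int(m[4]) if m[4] else None))
    if kind is None or not frames:
        raise ValueError("not a complete AddressSanitizer report")
    return AsanReport(kind, addr, pc, access, frames)

def bucket_key(report, project_root):
    # Stable deduplication key for fuzzer findings (assumed format): error kind, crashing function, file and line.
    _, func, loc, line = report.crash_frame(project_root)
    return f"{report.kind}:{func}:{loc.rsplit('/', 1)[-1]}:{line}"
```

Running honggfuzz's crash directory through bucket_key collapses the many inputs that hit the same openhere fault into one entry to report.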