Several out of bounds reads in bash
Bash just released new patchlevels that fix, among other things, several out-of-bounds reads I discovered with Address Sanitizer. These happened during normal use of bash (triggered by the completion functionality). These are not security issues; however, they could cause malfunction.
These are not security fixes, because they don't involve any externally controlled input. But it's a nice example showing that Address Sanitizer should be used more to test software. (I'm actually currently trying to build a whole system based on Gentoo Linux with everything except a few core packages compiled with Address Sanitizer - I will make that work public soon.)
Bash 4.3 patch 041 fixing out of bounds reads
Report 1 on bash mailing list
Report 2 on bash mailing list
I'm currently at the Chaos Communication Camp and will have a small lightning talk about Address Sanitizer today.