Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -g -O2
uname output: Linux dirac.s-z.org 2.6.26-1-openvz-686 #1 SMP Wed Sep 10 19:04:44 UTC 2008 i686 GNU/Linux
Machine Type: i686-pc-linux-gnu

Bash Version: 4.0
Patch Level: 33
Release Status: release

Description:
    Completing a (single- or double-) quoted string ending in a single
    backslash causes an assertion failure:

        malloc: unknown:0: assertion botched
        free: start and end chunk sizes differ
        last command: complete -r
        Aborting...Aborted (core dumped)

    The problem appears to be that, if the string ends in a backslash,
    bash_dequote_filename copies two NULs into the result buffer, which
    only has room for one.

Repeat-By:
    At an interactive prompt:

        $ complete -r
        $ echo 'foo\<TAB>

    The same occurs with "foo\ and 'foo\\\ but not with 'foo\\ or with
    unquoted foo\ .

    'foo\\ does not fail because the NUL is not copied by the
    backslash-handling code; and foo\ does not fail because there is room
    for both NULs (because the backslash is not copied).

Fix:
    The following patch fixes the problem by returning the result
    immediately, rather than breaking the loop and appending another NUL.
    An alternative fix would be to decrement r before breaking so that the
    second NUL overwrites the first.

--- ../bash-4.0/bashline.c 2009-10-09 20:17:39.225856381 -0400 +++ bashline.c 2009-10-09 22:57:51.909908993 -0400 @@ -3225,7 +3225,7 @@ *r++ = *++p; if (*p == '\0') - break; + return ret; /* Already NUL-terminated. */ continue; } /* Close quote. */
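
Review bot: the new `return ret;` under `if (*p == '\0')` is only correct because the preceding `*r++ = *++p;` has already stored the terminator, and the comment "Already NUL-terminated." does not say where that happened. Either extend the comment to name the copy above as the terminating write, or test for the trailing NUL before copying it so the branch can keep its `break` and the write after the loop stays the single place the string is terminated. Returning from inside the loop also bypasses whatever follows the loop, so anything later added there will silently not run for input ending in a backslash.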
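
The byte accounting behind the Description and Repeat-By cases, as an added example that is not part of the original report and is not bash's source. It is a simplified model that counts stores instead of performing them. The names dequote_stores and dequote_overrun, the strlen(text) + 1 buffer size, the double-quote escape set, and passing the text without its opening quote are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the dequoting loop described in the report; not bash's
   source. It counts the bytes the loop would store, terminators included,
   so the overrun can be measured without corrupting memory. */
static size_t dequote_stores(const char *text, int quote_char, int patched)
{
    const char *p;
    int quoted = quote_char;
    size_t n = 0;                      /* bytes the loop would write */

    for (p = text; *p; p++) {
        if (*p == '\\') {
            /* Assumption: inside single quotes the backslash is kept; inside
               double quotes it is kept unless the next char is one of these. */
            if (quoted == '\'')
                n++;
            else if (quoted == '"' && (p[1] == '\0' || !strchr("$`\"\\\n", p[1])))
                n++;
            n++;                       /* models *r++ = *++p; may be the NUL */
            if (*++p == '\0') {
                if (patched)
                    return n;          /* patched: the NUL is already stored */
                break;                 /* original: a second NUL follows */
            }
            continue;
        }
        if (quoted && *p == quoted) { quoted = 0; continue; }       /* close */
        if (!quoted && (*p == '\'' || *p == '"')) { quoted = *p; continue; }
        n++;                           /* ordinary character */
    }
    return n + 1;                      /* terminator written after the loop */
}

/* Bytes written past a buffer of strlen(text) + 1 (assumed allocation size). */
size_t dequote_overrun(const char *text, int quote_char, int patched)
{
    size_t cap = strlen(text) + 1;
    size_t n = dequote_stores(text, quote_char, patched);
    return n > cap ? n - cap : 0;
}

int main(void)
{
    printf("'foo\\ original=%zu patched=%zu; unquoted foo\\ original=%zu\n",
           dequote_overrun("foo\\", '\'', 0), dequote_overrun("foo\\", '\'', 1),
           dequote_overrun("foo\\", 0, 0));
    return 0;
}
```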