I have met situation when nfd(returned by fcntl) is 217, but nbuffers is only 25
if (buffers[nfd]) { /* What's this? A stray buffer without an associated open file descriptor? Free up the buffer and report the error. */ internal_error (_("save_bash_input: buffer already exists for new fd %d"), nfd); free_buffered_stream (buffers[nfd]); } and free_buffered_stream() causes a segfault. I added extra comparison nfd < nbuffers - it works for me. Why do we need this check? Does stray buffer happen, when nfd is in a range [0,nbuffers)? Patch is attached. Thanks, Alexey
diff -Naur bash-4.3_old/input.c bash-4.3/input.c --- bash-4.3_old/input.c 2014-02-07 14:13:08.000000000 +0000 +++ bash-4.3/input.c 2015-07-22 07:00:04.347022263 +0000 @@ -272,7 +272,7 @@ return -1; } - if (buffers[nfd]) + if (nfd < nbuffers && buffers[nfd]) { /* What's this? A stray buffer without an associated open file descriptor? Free up the buffer and report the error. */