I have met situation when nfd(returned by fcntl) is 217, but nbuffers is
only 25
if (buffers[nfd])
{
/* What's this? A stray buffer without an associated open file
descriptor? Free up the buffer and report the error. */
internal_error (_("save_bash_input: buffer already exists for new fd
%d"), nfd);
free_buffered_stream (buffers[nfd]);
}
and free_buffered_stream() causes a segfault.
I added extra comparison nfd < nbuffers - it works for me.
Why do we need this check? Does stray buffer happen, when nfd is in a range
[0,nbuffers)?
Patch is attached.
Thanks,
Alexey
diff -Naur bash-4.3_old/input.c bash-4.3/input.c
--- bash-4.3_old/input.c 2014-02-07 14:13:08.000000000 +0000
+++ bash-4.3/input.c 2015-07-22 07:00:04.347022263 +0000
@@ -272,7 +272,7 @@
return -1;
}
- if (buffers[nfd])
+ if (nfd < nbuffers && buffers[nfd])
{
/* What's this? A stray buffer without an associated open file
descriptor? Free up the buffer and report the error. */
