On Mon, Jan 8, 2024 at 4:41 PM Chet Ramey <chet.ra...@case.edu> wrote:
> I think there's a simpler
> way to fix it in parse_compound_assignment and parse_string_to_word_list
> directly, and that change will be in the next devel branch push.

Rewriting the original report as:

    bash <<<'((X=([))'

even after the last fix, there's still a similar issue with input like:

    bash <<<'((X=([))]'

=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0x000107f00cbc at pc 0x000104b083ec bp 0x00016b3506e0 sp 0x00016b3506d8
READ of size 4 at 0x000107f00cbc thread T0
    #0 0x104b083e8 in shell_getc parse.y:2712
    #1 0x104b01908 in read_token parse.y:3516
    #2 0x104ae47c0 in yylex parse.y:2995

0x000107f00cbc is located 60 bytes inside of 64-byte region [0x000107f00c80,0x000107f00cc0)
freed by thread T0 here:
    #0 0x105e1f380 in wrap_free+0x98
    #1 0x104aec0f0 in pop_string parse.y:2042
    #2 0x104b095d0 in shell_getc parse.y:2753
    #3 0x104b15030 in read_token_word parse.y:5604
    #4 0x104b047ec in read_token parse.y:3712
    #5 0x104b28afc in parse_compound_assignment parse.y:6971
    #6 0x104b13a28 in read_token_word parse.y:5543
    #7 0x104b047ec in read_token parse.y:3712
    #8 0x104ae47c0 in yylex parse.y:2995

previously allocated by thread T0 here:
    #0 0x105e1f244 in wrap_malloc+0x94
    #1 0x104ec5b40 in xmalloc xmalloc.c:107
    #2 0x104aea90c in push_string parse.y:1981
    #3 0x104b0cf58 in parse_dparen parse.y:4837
    #4 0x104b02d50 in read_token parse.y:3635
    #5 0x104ae47c0 in yylex parse.y:2995

SUMMARY: AddressSanitizer: heap-use-after-free parse.y:2712 in shell_getc