P.S. the behaviour is repeating on the latest 25c6aa5b230167c6471898539c46dd2891d891a5 commit (devel branch).
----------------
To: [email protected] ([email protected]);
Subject: SEGV make_variable_value() bash/variables.c:2968:16;
12.10.2025, 15:53, "Александр Ушаков" <[email protected]>:

Dear Bash Maintainers,

I encountered an issue in Bash and would like to report it.

Steps to reproduce

    $ CC=clang-19 CFLAGS=" -g -fsanitize=undefined " ./configure --enable-largefile --without-bash-malloc
    $ make
    $ ./bash -c "declare -n r; declare -c r r"

Expected Behaviour

Any messages without asan ERROR.

Actual Behaviour

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==3974245==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x584955996f50 bp 0x7ffcecf24f50 sp 0x7ffcecf24ca0 T0)
    ==3974245==The signal is caused by a READ memory access.
    ==3974245==Hint: address points to the zero page.
        #0 0x584955996f50 in make_variable_value /upstream/bash/variables.c:2968:16
        #1 0x5849559945e6 in bind_variable_internal /upstream/bash/variables.c:3183:16
        #2 0x58495598ce63 in bind_variable /upstream/bash/variables.c:3293:11
        #3 0x584955aa7f34 in declare_internal /upstream/bash/builtins/./declare.def:826:78
        #4 0x584955aa4fa6 in declare_builtin /upstream/bash/builtins/./declare.def:104:11
        #5 0x58495598ae3f in execute_builtin /upstream/bash/execute_cmd.c:5097:13
        #6 0x584955989e45 in execute_builtin_or_function /upstream/bash/execute_cmd.c:5643:14
        #7 0x5849559756e9 in execute_simple_command /upstream/bash/execute_cmd.c:4856:13
        #8 0x58495596ece3 in execute_command_internal /upstream/bash/execute_cmd.c:938:4
        #9 0x58495597ae35 in execute_connection /upstream/bash/execute_cmd.c:2887:21
        #10 0x58495596fb29 in execute_command_internal /upstream/bash/execute_cmd.c:1117:21
        #11 0x584955ab1dd3 in parse_and_execute /upstream/bash/builtins/evalstring.c:567:17
        #12 0x58495592fc23 in run_one_command /upstream/bash/shell.c:1483:12
        #13 0x58495592c1f5 in main /upstream/bash/shell.c:768:7
        #14 0x765d05c56249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
        #15 0x765d05c56304 in __libc_start_main csu/../csu/libc-start.c:360:3
        #16 0x58495584ba70 in _start (/upstream/bash/bash+0xaca70) (BuildId: b9fd292ae42f98e3b23d0ac1da70f48e9a32f04d)

    ==3974245==Register values:
    rax = 0x0000000000000000  rbx = 0x00007ffcecf24ca0  rcx = 0xf3f3f3f8f1f1f1f1  rdx = 0x000000008fff6fff
    rdi = 0xffffffffffffffff  rsi = 0x0000000000000000  rbp = 0x00007ffcecf24f50  rsp = 0x00007ffcecf24ca0
     r8 = 0x0000000000000000   r9 = 0x00007fffffffff01  r10 = 0x00000a047fff8401  r11 = 0x00000a047fff8488
    r12 = 0x0000000000000000  r13 = 0x00007ffcecf27828  r14 = 0x0000584955c583d0  r15 = 0x0000765d05f8f020
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV /upstream/bash/variables.c:2968:16 in make_variable_value
    ==3974245==ABORTING

Additional Notes

When I do

    $ ./bash -c "declare -n r; declare -c r"

or

    $ ./bash -c "declare -n r; declare -i r r"

or

    $ ./bash -c "declare -n r; declare -ac r r"

I don't see any asan errors. I thought the case is a bug because I tried to use other types instead of -c and several variables and can't reproduce the behaviour with other parameters.

Bash Version

commit a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b

    root@fb1d7dcac77a:/upstream/bash# ./bash --version
    GNU bash, version 5.3.3(1)-release (x86_64-pc-linux-gnu)
    Copyright (C) 2025 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

Also, the behaviour is repeating on release bash 5.2 version.

System Info

    Linux astra 6.1.90-1-generic #astra2+ci15 SMP PREEMPT_DYNAMIC Tue Jul 23 09:49:19 MSK 2024 x86_64 GNU/Linux

    Debian clang version 19.1.4 (1~deb12u1)
    Target: x86_64-pc-linux-gnu
    Thread model: posix
    InstalledDir: /usr/lib/llvm-19/bin
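
A regression check built from the four invocations in the report, as an added example that is not part of the original message or of Bash's own test suite. `run_case`, `check_all` and `BASH_UNDER_TEST` are names assumed here; a case counts as a crash on either a fatal signal or a sanitizer banner on stderr, because a sanitized build prints its report and exits with an ordinary status.

```shell
#!/bin/sh
# Added example (not from the report): regression check for the declare
# invocations listed in the message. BASH_UNDER_TEST is an assumed variable name.

# Run one command string under the given shell binary and print a verdict:
#   crash - killed by a signal, or a sanitizer report appeared on stderr
#   ok    - anything else (including ordinary non-zero exits)
run_case() {
    bin=$1 cmd=$2
    err=$(mktemp) || return 2
    status=0
    "$bin" -c "$cmd" >/dev/null 2>"$err" || status=$?
    verdict=ok
    # Unsanitized build: the calling shell reports 128+signal (139 = SIGSEGV).
    if [ "$status" -gt 128 ]; then verdict=crash; fi
    # Sanitized build: the runtime catches the fault and exits on its own,
    # so the exit status is not enough; look for the report banner instead.
    if grep -Eq 'ERROR: (Address|UndefinedBehavior)Sanitizer|runtime error:' "$err"; then
        verdict=crash
    fi
    rm -f "$err"
    echo "$verdict"
}

# The four invocations from the report; only the first was reported to crash.
check_all() {
    bin=$1 failed=0
    for cmd in \
        'declare -n r; declare -c r r' \
        'declare -n r; declare -c r' \
        'declare -n r; declare -i r r' \
        'declare -n r; declare -ac r r'
    do
        v=$(run_case "$bin" "$cmd")
        printf '%-6s %s\n' "$v" "$cmd"
        [ "$v" = ok ] || failed=1
    done
    return "$failed"
}

# Only run when a binary is named, e.g. BASH_UNDER_TEST=./bash sh check.sh
if [ -n "${BASH_UNDER_TEST:-}" ]; then
    check_all "$BASH_UNDER_TEST"
fi
```

`check_all` returns non-zero if any case crashes, so it can gate a CI job on a patched build.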
