On Thu, Sep 25, 2014 at 09:23:24AM -0400, trondd wrote:
> Just an update (and apologies for previous top posting and message history)
> but we've only ever seen this error and crash while running xmlto. I would
> think (maybe wrongly) that a stack-protector issue would show up in other
> programs, too.

Bash crashes while turning an innocent test(1) condition list into an array to feed into the test function. There is nothing obviously wrong with the code, and under single stepping it works just fine. Bash does however make heavy use of setjmp/longjmp around the crash site. It looks as if longjmp does not restore the context properly. Instead of exiting the test builtin, it runs for a second time but with bogus register values. Just a wild guess after poking at it for a couple of hours.

Oh and the reason bash does not dump core is because xmlto installs an exit trap handler, messing things up even more.