busybox segfault on stty -echo
To reproduce:
ulimit -c unlimited
/bin/busybox ash; stty echo # re-enable echo after segfault
# now we are in the ash subshell
stty -echo
Will result in:
Segmentation fault (core dumped)
I was able to get a backtrace with symbols:
Core was generated by `./busybox_unstripped ash'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000558929e65565 in parse_and_put_prompt (prmt_ptr=<optimized out>,
prmt_ptr@entry=0x7f7ca99f1b30 "\\[\\e[1;32m\\]\\h\\[\\e[0m\\]:\\w\\[\\e[1;32m\\] (\033[32mmaster\033[m)\\$\\[\\e[0m\\] ")
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/lineedit.c:2041
2041 cwd_buf = state->sh_get_var
(gdb) bt
#0 0x0000558929e65565 in parse_and_put_prompt (prmt_ptr=<optimized out>,
prmt_ptr@entry=0x7f7ca99f1b30 "\\[\\e[1;32m\\]\\h\\[\\e[0m\\]:\\w\\[\\e[1;32m\\] (\033[32mmaster\033[m)\\$\\[\\e[0m\\] ")
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/lineedit.c:2041
#1 0x0000558929e66da3 in read_line_input (st=0x7f7ca9a15050,
prompt=0x7f7ca99f1b30 "\\[\\e[1;32m\\]\\h\\[\\e[0m\\]:\\w\\[\\e[1;32m\\] (\033[32mmaster\033[m)\\$\\[\\e[0m\\] ",
command=command@entry=0x7f7ca9a27030 "stty -echo\n", maxsize=maxsize@entry=2048)
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/lineedit.c:2494
#2 0x0000558929e1533e in preadfd () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:10851
#3 preadbuffer () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:10942
#4 __pgetc () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:11048
#5 0x0000558929e154d7 in pgetc () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:11067
#6 0x0000558929e18124 in pgetc_eatbnl () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:11086
#7 0x0000558929e18177 in xxreadtoken () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:13204
#8 0x0000558929e18239 in readtoken () at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:13314
#9 0x0000558929e16537 in list (nlflag=nlflag@entry=1) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:11838
#10 0x0000558929e166d0 in parsecmd (interact=<optimized out>) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:13383
#11 0x0000558929e19d3c in cmdloop (top=top@entry=1) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:13591
#12 0x0000558929e1b577 in ash_main (argc=1, argv=0x7fff5678b8f0) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/shell/ash.c:14795
#13 0x0000558929dd58d9 in run_applet_no_and_exit (applet_no=10, name=name@entry=0x7fff5678da2c "ash", argv=argv@entry=0x7fff5678b8f0)
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/appletlib.c:969
#14 0x0000558929dd5bef in run_applet_and_exit (name=0x7fff5678da2c "ash", argv=argv@entry=0x7fff5678b8f0)
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/appletlib.c:988
#15 0x0000558929dd5bd2 in busybox_main (argv=0x7fff5678b8f0) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/appletlib.c:916
#16 run_applet_and_exit (name=<optimized out>, argv=argv@entry=0x7fff5678b8e8)
at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/appletlib.c:981
#17 0x0000558929dd5c65 in main (argc=<optimized out>, argv=0x7fff5678b8e8) at /home/ncopa/aports/main/busybox/src/busybox-1.36.0/libbb/appletlib.c:1128
(gdb)
I was not able to reproduce it with a build from busybox git master.