Why does bash dump core after I interrupt username completion or `~user' tilde expansion on a machine running NIS?

This is a famous and long-standing bug in the SunOS YP (sorry, NIS)
client library, which is part of libc.

The YP library code keeps static state -- a pointer into the data
returned from the server. When YP initializes itself (setpwent),
it looks at this pointer and calls free on it if it's non-null.
So far, so good.

If one of the YP functions is interrupted during getpwent (the
exact function is interpretwithsave()) and returns NULL, the
pointer is freed without being reset to NULL, and the function
returns. The next time getpwent is called, it sees that this
pointer is still non-null, calls free on it again, and bash's own
free() blows up because it is being asked to free memory that has
already been freed.
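The sequence above, as an added illustration that is not the SunOS libc code: a hypothetical model of the client's static cache, with a tracking free() that counts a second free of the same block instead of handing it to the allocator again, so the defect can be observed without a crash. The `fix_dangling` flag selects the one-line library fix (reset the pointer to NULL after freeing it); all names and the sample passwd line are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the NIS client's static cache (constructed for
 * illustration; this is not the SunOS libc code). A tracking free()
 * records a double free instead of handing the block to free() a second
 * time, so the defect can be observed without crashing. Only one block
 * is ever live at a time, which is all the model needs. */

static int   double_free_count = 0;    /* incremented on each double free */
static void *live_block        = NULL; /* address of the block currently live */
static char *cache             = NULL; /* the static pointer into server data */

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) { perror("malloc"); exit(1); }
    live_block = p;
    return p;
}

static void tracked_free(void *p)
{
    if (p == NULL)
        return;
    if (p != live_block) {            /* already freed: the bug fires */
        double_free_count++;
        return;                       /* do not free() it again */
    }
    live_block = NULL;
    free(p);
}

/* setpwent-style reset: drop any data left from the previous call.
 * With the buggy path this is where the stale pointer is freed twice. */
static void reset_cache(void)
{
    if (cache != NULL) {
        tracked_free(cache);
        cache = NULL;
    }
}

/* getpwent-style lookup. 'interrupted' simulates the signal arriving
 * mid-call; 'fix_dangling' selects the corrected cleanup path. */
static const char *yp_getpwent(int interrupted, int fix_dangling)
{
    reset_cache();
    cache = tracked_malloc(64);
    strcpy(cache, "alice:x:1001:1001::/home/alice:/bin/sh"); /* constructed */
    if (interrupted) {
        tracked_free(cache);
        if (fix_dangling)
            cache = NULL;             /* the one-line library fix */
        /* buggy path: cache still holds the freed address */
        return NULL;
    }
    return cache;
}

static void yp_endpwent(void) { reset_cache(); }

/* Runs: normal lookup, interrupted lookup, normal lookup again.
 * Returns the number of double frees observed. */
static int run_scenario(int fix_dangling)
{
    double_free_count = 0;
    yp_getpwent(0, fix_dangling);
    yp_getpwent(1, fix_dangling);     /* ^C arrives mid-call */
    yp_getpwent(0, fix_dangling);     /* next completion attempt */
    yp_endpwent();
    return double_free_count;
}

int main(void)
{
    printf("buggy library: %d double free(s)\n", run_scenario(0));
    printf("fixed library: %d double free(s)\n", run_scenario(1));
    return 0;
}
```

The buggy scenario reports one double free, the fixed one none. A real allocator that checks for this (as bash's GNU malloc does) aborts at the point the counter increments; one that silently tolerates it, like the traditional Unix malloc, hides the bug entirely.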

The traditional Unix mallocs silently tolerate freeing the same block
more than once; that's probably why this has never been fixed. You can
run configure with the `--without-gnu-malloc' option to build bash
with the C library malloc instead of its own and avoid the problem.



Home FAQ