
Bug 597006

Summary: app-shells/bash-4.4: large HISTFILESIZE value may result in upfront memory exhaustion
Product: Gentoo Linux
Reporter: kfm
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00010.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 595278    
Attachments: Patch to clamp the amount of memory initially allocated for history

Description kfm 2016-10-13 01:35:25 UTC
As of 4.4, bash tries to allocate enough memory to cover as many entries as are specified by HISTFILESIZE. Some people set this to an arbitrarily large value, in which case potentially dire results will ensue after upgrading to 4.4. Here's a patch from Chet Ramey:

http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00010.html

A plausible worst-case scenario would be that someone upgrades a remote system, only to find that they can no longer log in with ssh. Therefore, I recommend applying said patch by way of a revision bump. Presumably, it will be addressed in bash44-001, whenever that lands.
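
A pre-upgrade check for the condition described above, as an added example that is not part of the original report or of the referenced patch: it scans shell startup files for numeric HISTFILESIZE assignments above a threshold. The function names and the LIMIT default of 100000 are assumptions chosen for illustration, and values set only in the environment are not covered.

```shell
#!/bin/sh
# Added example: flag large HISTFILESIZE assignments before upgrading bash.
# LIMIT is an assumed review threshold, not a value from the bug report.
LIMIT=${LIMIT:-100000}

# audit_histfilesize FILE...
# Prints "file:line:value" for each numeric assignment above LIMIT.
# Returns 1 if any readable file contains one, 0 otherwise.
audit_histfilesize() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v limit="$LIMIT" '
            /^[ \t]*#/ { next }                 # ignore comment lines
            {
                rest = $0
                # Allow one optional quote character before the digits.
                while (match(rest, /HISTFILESIZE=[^0-9 \t]?[0-9]+/)) {
                    val = substr(rest, RSTART, RLENGTH)
                    sub(/^HISTFILESIZE=[^0-9]?/, "", val)
                    if (val + 0 > limit + 0) {
                        printf "%s:%d:%s\n", FILENAME, FNR, val
                        bad = 1
                    }
                    rest = substr(rest, RSTART + RLENGTH)
                }
            }
            END { exit bad + 0 }
        ' "$f" || rc=1
    done
    return "$rc"
}

# Runs the audit on a constructed startup file (not from any real system).
audit_demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# HISTFILESIZE=999999999999 (commented out, ignored)
HISTSIZE=1000
export HISTFILESIZE=2000
HISTFILESIZE="9999999999"
EOF
    status=0
    audit_histfilesize "$tmp" || status=$?
    rm -f "$tmp"
    return "$status"
}

# Command-line use: sh audit.sh ~/.bashrc ~/.bash_profile /etc/profile
[ "$#" -eq 0 ] || audit_histfilesize "$@"
```

Running it against each account's startup files before the upgrade shows which logins would request a large up-front history allocation.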
Comment 1 kfm 2016-10-13 01:39:04 UTC
Created attachment 450060
Patch to clamp the amount of memory initially allocated for history
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-10-13 08:37:14 UTC
commit eb4d79382613c3fa33a2375ba75f3b4f8b67eae4
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Thu Oct 13 10:29:59 2016

    app-shells/bash: Revbump to fix bug #597006

    Package-Manager: portage-2.3.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Fixed in app-shells/bash-4.4-r1
Comment 3 SpanKY gentoo-dev 2016-11-10 06:03:19 UTC
that patch is against readline, and released versions of bash don't build against the bundled copy, so putting the patch into bash doesn't help :)

fixed here:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b0bd0d1d7636f79c4c1a65ab280c7f9009ff26e
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a6d6915dfc68f4a67a7e8c03265d9e02ed39425
Comment 4 kfm 2016-11-10 13:59:01 UTC
(In reply to SpanKY from comment #3)
> that patch is against readline, and released versions of bash don't build
> against the bundled copy, so putting the patch into bash doesn't help :)

I'm embarrassed to have overlooked that. Thanks, SpanKY.