charmoniumQ/flake.lock

## flake.lock
{
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1695227375,
        "narHash": "sha256-76WTkeCu3npPZDkay2hB2Dj3cOuCiF0P41dbmXWUKtA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "fe977679240ac2027b151ecca1bc6ce808c2e8af",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
}

## flake.nix
{
  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      bash = pkgs.enableDebugging pkgs.bash;
    in {
      apps."${system}".default = {
          # This program crashes reliably!
          # Taking out the valgrind causes it to not crash.
          # Taking out LC_CTYPE causes it to not crash (but still has an invalid free())
          type = "app";
          program = "${pkgs.writeShellScript "test.sh" ''
            ${pkgs.toybox}/bin/env - foo=bar LC_CTYPE=C.UTF-8 ${pkgs.valgrind}/bin/valgrind ${bash}/bin/bash -c 'echo ''${foo#baz}'
          ''}";
      };
    };
}

## output.txt
$ nix run
==2917070== Memcheck, a memory error detector
==2917070== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2917070== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==2917070== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#ba}
==2917070==
==2917070== Invalid read of size 1
==2917070==    at 0x4A0DCD: internal_free (malloc.c:967)
==2917070==    by 0x4A1BBA: sh_free (malloc.c:1457)
==2917070==    by 0x4743A7: sh_xfree (xmalloc.c:223)
==2917070==    by 0x44D7D2: remove_pattern (subst.c:5336)
==2917070==    by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
==2917070==    by 0x459428: parameter_brace_expand (subst.c:10090)
==2917070==    by 0x459EB2: param_expand (subst.c:10538)
==2917070==    by 0x45ADB6: expand_word_internal (subst.c:11236)
==2917070==    by 0x4603A7: shell_expand_word_list (subst.c:12816)
==2917070==    by 0x4604C4: expand_word_list_internal (subst.c:13000)
==2917070==    by 0x4605C1: expand_words (subst.c:12280)
==2917070==    by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
==2917070==  Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd
==2917070==    at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2917070==    by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210)
==2917070==    by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298)
==2917070==    by 0x44D789: remove_pattern (subst.c:5318)
==2917070==    by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
==2917070==    by 0x459428: parameter_brace_expand (subst.c:10090)
==2917070==    by 0x459EB2: param_expand (subst.c:10538)
==2917070==    by 0x45ADB6: expand_word_internal (subst.c:11236)
==2917070==    by 0x4603A7: shell_expand_word_list (subst.c:12816)
==2917070==    by 0x4604C4: expand_word_list_internal (subst.c:13000)
==2917070==    by 0x4605C1: expand_words (subst.c:12280)
==2917070==    by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
==2917070==
==2917070== Invalid read of size 1
==2917070==    at 0x4A0DDC: internal_free (malloc.c:978)
==2917070==    by 0x4A1BBA: sh_free (malloc.c:1457)
==2917070==    by 0x4743A7: sh_xfree (xmalloc.c:223)
==2917070==    by 0x44D7D2: remove_pattern (subst.c:5336)
==2917070==    by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
==2917070==    by 0x459428: parameter_brace_expand (subst.c:10090)
==2917070==    by 0x459EB2: param_expand (subst.c:10538)
==2917070==    by 0x45ADB6: expand_word_internal (subst.c:11236)
==2917070==    by 0x4603A7: shell_expand_word_list (subst.c:12816)
==2917070==    by 0x4604C4: expand_word_list_internal (subst.c:13000)
==2917070==    by 0x4605C1: expand_words (subst.c:12280)
==2917070==    by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
==2917070==  Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd
==2917070==    at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2917070==    by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210)
==2917070==    by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298)
==2917070==    by 0x44D789: remove_pattern (subst.c:5318)
==2917070==    by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
==2917070==    by 0x459428: parameter_brace_expand (subst.c:10090)
==2917070==    by 0x459EB2: param_expand (subst.c:10538)
==2917070==    by 0x45ADB6: expand_word_internal (subst.c:11236)
==2917070==    by 0x4603A7: shell_expand_word_list (subst.c:12816)
==2917070==    by 0x4604C4: expand_word_list_internal (subst.c:13000)
==2917070==    by 0x4605C1: expand_words (subst.c:12280)
==2917070==    by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
==2917070==

malloc: subst.c:5336: assertion botched
free: called with unallocated block argument
Aborting...==2917070==
==2917070== Process terminating with default action of signal 6 (SIGABRT): dumping core
==2917070==    at 0x48DFA8C: __pthread_kill_implementation (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
==2917070==    by 0x4890C85: raise (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
==2917070==    by 0x487A8B9: abort (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
==2917070==    by 0x4403A0: programming_error (error.c:175)
==2917070==    by 0x4A0B8E: xbotch (malloc.c:390)
==2917070==    by 0x4A0E1A: internal_free (malloc.c:984)
==2917070==    by 0x4A1BBA: sh_free (malloc.c:1457)
==2917070==    by 0x4743A7: sh_xfree (xmalloc.c:223)
==2917070==    by 0x44D7D2: remove_pattern (subst.c:5336)
==2917070==    by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
==2917070==    by 0x459428: parameter_brace_expand (subst.c:10090)
==2917070==    by 0x459EB2: param_expand (subst.c:10538)
==2917070==
==2917070== HEAP SUMMARY:
==2917070==     in use at exit: 153,368 bytes in 2,409 blocks
==2917070==   total heap usage: 2,436 allocs, 27 frees, 211,978 bytes allocated
==2917070==
==2917070== LEAK SUMMARY:
==2917070==    definitely lost: 0 bytes in 0 blocks
==2917070==    indirectly lost: 0 bytes in 0 blocks
==2917070==      possibly lost: 33,123 bytes in 1,052 blocks
==2917070==    still reachable: 120,245 bytes in 1,357 blocks
==2917070==         suppressed: 0 bytes in 0 blocks
==2917070== Rerun with --leak-check=full to see details of leaked memory
==2917070==
==2917070== For lists of detected and suppressed errors, rerun with: -s
==2917070== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
/nix/store/sbf599f5q19cn7xm3l641irs6acg39zh-test.sh: line 2: 2917070 Aborted                 (core dumped) /nix/store/v45j2p2izb3pa2fxdw978bahhkb2ghza-toybox-0.8.10/bin/env - foo=bar LC_CTYPE=C.UTF-8 /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/bin/valgrind /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c 'echo ${foo#ba}'

$ echo $?
134

## output_without_lc_type.txt
$ nix run
==2934752== Memcheck, a memory error detector
==2934752== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2934752== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==2934752== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#baz}
==2934752==
bar
==2934752== Invalid free() / delete / delete[] / realloc()
==2934752==    at 0x4845154: free (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2934752==    by 0x474289: xfree (xmalloc.c:150)
==2934752==    by 0x464B27: unwind_frame_run_internal (unwind_prot.c:326)
==2934752==    by 0x4646D1: without_interrupts (unwind_prot.c:118)
==2934752==    by 0x464C95: run_unwind_frame (unwind_prot.c:144)
==2934752==    by 0x47AF1E: parse_and_execute (evalstring.c:577)
==2934752==    by 0x41C0DF: run_one_command (shell.c:1473)
==2934752==    by 0x41D77F: main (shell.c:763)
==2934752==  Address 0x4042790 is in the brk data segment 0x4035000-0x404dfff
==2934752==
==2934752==
==2934752== HEAP SUMMARY:
==2934752==     in use at exit: 29 bytes in 1 blocks
==2934752==   total heap usage: 31 allocs, 31 frees, 21,419 bytes allocated
==2934752==
==2934752== LEAK SUMMARY:
==2934752==    definitely lost: 0 bytes in 0 blocks
==2934752==    indirectly lost: 0 bytes in 0 blocks
==2934752==      possibly lost: 0 bytes in 0 blocks
==2934752==    still reachable: 29 bytes in 1 blocks
==2934752==         suppressed: 0 bytes in 0 blocks
==2934752== Rerun with --leak-check=full to see details of leaked memory
==2934752==
==2934752== For lists of detected and suppressed errors, rerun with: -s
==2934752== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

$ echo $?
0
	{
	"nodes": {
	"nixpkgs": {
	"locked": {
	"lastModified": 1695227375,
	"narHash": "sha256-76WTkeCu3npPZDkay2hB2Dj3cOuCiF0P41dbmXWUKtA=",
	"owner": "NixOS",
	"repo": "nixpkgs",
	"rev": "fe977679240ac2027b151ecca1bc6ce808c2e8af",
	"type": "github"
	},
	"original": {
	"id": "nixpkgs",
	"type": "indirect"
	}
	},
	"root": {
	"inputs": {
	"nixpkgs": "nixpkgs"
	}
	}
	},
	"root": "root",
	"version": 7
	}
	{
	outputs = { self, nixpkgs }:
	let
	system = "x86_64-linux";
	pkgs = nixpkgs.legacyPackages.${system};
	bash = pkgs.enableDebugging pkgs.bash;
	in {
	apps."${system}".default = {
	# This program crashes reliably!
	# Taking out the valgrind causes it to not crash.
	# Taking out LC_CTYPE causes it to not crash (but still has an invalid free())
	type = "app";
	program = "${pkgs.writeShellScript "test.sh" ''
	${pkgs.toybox}/bin/env - foo=bar LC_CTYPE=C.UTF-8 ${pkgs.valgrind}/bin/valgrind ${bash}/bin/bash -c 'echo ''${foo#baz}'
	''}";
	};
	};
	}
	$ nix run
	==2917070== Memcheck, a memory error detector
	==2917070== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
	==2917070== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
	==2917070== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#ba}
	==2917070==
	==2917070== Invalid read of size 1
	==2917070== at 0x4A0DCD: internal_free (malloc.c:967)
	==2917070== by 0x4A1BBA: sh_free (malloc.c:1457)
	==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223)
	==2917070== by 0x44D7D2: remove_pattern (subst.c:5336)
	==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
	==2917070== by 0x459428: parameter_brace_expand (subst.c:10090)
	==2917070== by 0x459EB2: param_expand (subst.c:10538)
	==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236)
	==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816)
	==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000)
	==2917070== by 0x4605C1: expand_words (subst.c:12280)
	==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
	==2917070== Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd
	==2917070== at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
	==2917070== by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210)
	==2917070== by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298)
	==2917070== by 0x44D789: remove_pattern (subst.c:5318)
	==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
	==2917070== by 0x459428: parameter_brace_expand (subst.c:10090)
	==2917070== by 0x459EB2: param_expand (subst.c:10538)
	==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236)
	==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816)
	==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000)
	==2917070== by 0x4605C1: expand_words (subst.c:12280)
	==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
	==2917070==
	==2917070== Invalid read of size 1
	==2917070== at 0x4A0DDC: internal_free (malloc.c:978)
	==2917070== by 0x4A1BBA: sh_free (malloc.c:1457)
	==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223)
	==2917070== by 0x44D7D2: remove_pattern (subst.c:5336)
	==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
	==2917070== by 0x459428: parameter_brace_expand (subst.c:10090)
	==2917070== by 0x459EB2: param_expand (subst.c:10538)
	==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236)
	==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816)
	==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000)
	==2917070== by 0x4605C1: expand_words (subst.c:12280)
	==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
	==2917070== Address 0x4a9fac0 is 16 bytes before a block of size 128 alloc'd
	==2917070== at 0x48477FC: realloc (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
	==2917070== by 0x492FE2: xdupmbstowcs2 (xmbsrtowcs.c:210)
	==2917070== by 0x4932F0: xdupmbstowcs (xmbsrtowcs.c:298)
	==2917070== by 0x44D789: remove_pattern (subst.c:5318)
	==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
	==2917070== by 0x459428: parameter_brace_expand (subst.c:10090)
	==2917070== by 0x459EB2: param_expand (subst.c:10538)
	==2917070== by 0x45ADB6: expand_word_internal (subst.c:11236)
	==2917070== by 0x4603A7: shell_expand_word_list (subst.c:12816)
	==2917070== by 0x4604C4: expand_word_list_internal (subst.c:13000)
	==2917070== by 0x4605C1: expand_words (subst.c:12280)
	==2917070== by 0x432B4C: execute_simple_command (execute_cmd.c:4506)
	==2917070==

	malloc: subst.c:5336: assertion botched
	free: called with unallocated block argument
	Aborting...==2917070==
	==2917070== Process terminating with default action of signal 6 (SIGABRT): dumping core
	==2917070== at 0x48DFA8C: __pthread_kill_implementation (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
	==2917070== by 0x4890C85: raise (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
	==2917070== by 0x487A8B9: abort (in /nix/store/aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8/lib/libc.so.6)
	==2917070== by 0x4403A0: programming_error (error.c:175)
	==2917070== by 0x4A0B8E: xbotch (malloc.c:390)
	==2917070== by 0x4A0E1A: internal_free (malloc.c:984)
	==2917070== by 0x4A1BBA: sh_free (malloc.c:1457)
	==2917070== by 0x4743A7: sh_xfree (xmalloc.c:223)
	==2917070== by 0x44D7D2: remove_pattern (subst.c:5336)
	==2917070== by 0x45F6C8: parameter_brace_remove_pattern (subst.c:5904)
	==2917070== by 0x459428: parameter_brace_expand (subst.c:10090)
	==2917070== by 0x459EB2: param_expand (subst.c:10538)
	==2917070==
	==2917070== HEAP SUMMARY:
	==2917070== in use at exit: 153,368 bytes in 2,409 blocks
	==2917070== total heap usage: 2,436 allocs, 27 frees, 211,978 bytes allocated
	==2917070==
	==2917070== LEAK SUMMARY:
	==2917070== definitely lost: 0 bytes in 0 blocks
	==2917070== indirectly lost: 0 bytes in 0 blocks
	==2917070== possibly lost: 33,123 bytes in 1,052 blocks
	==2917070== still reachable: 120,245 bytes in 1,357 blocks
	==2917070== suppressed: 0 bytes in 0 blocks
	==2917070== Rerun with --leak-check=full to see details of leaked memory
	==2917070==
	==2917070== For lists of detected and suppressed errors, rerun with: -s
	==2917070== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
	/nix/store/sbf599f5q19cn7xm3l641irs6acg39zh-test.sh: line 2: 2917070 Aborted (core dumped) /nix/store/v45j2p2izb3pa2fxdw978bahhkb2ghza-toybox-0.8.10/bin/env - foo=bar LC_CTYPE=C.UTF-8 /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/bin/valgrind /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c 'echo ${foo#ba}'

	$ echo $?
	134
	$ nix run
	==2934752== Memcheck, a memory error detector
	==2934752== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
	==2934752== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
	==2934752== Command: /nix/store/mcvpsizgc6irihzykac8a49rini1v25l-bash-5.2-p15/bin/bash -c echo\ ${foo#baz}
	==2934752==
	bar
	==2934752== Invalid free() / delete / delete[] / realloc()
	==2934752== at 0x4845154: free (in /nix/store/14fg82n6grqhrd2algx31sv1kmgvz0gl-valgrind-3.21.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
	==2934752== by 0x474289: xfree (xmalloc.c:150)
	==2934752== by 0x464B27: unwind_frame_run_internal (unwind_prot.c:326)
	==2934752== by 0x4646D1: without_interrupts (unwind_prot.c:118)
	==2934752== by 0x464C95: run_unwind_frame (unwind_prot.c:144)
	==2934752== by 0x47AF1E: parse_and_execute (evalstring.c:577)
	==2934752== by 0x41C0DF: run_one_command (shell.c:1473)
	==2934752== by 0x41D77F: main (shell.c:763)
	==2934752== Address 0x4042790 is in the brk data segment 0x4035000-0x404dfff
	==2934752==
	==2934752==
	==2934752== HEAP SUMMARY:
	==2934752== in use at exit: 29 bytes in 1 blocks
	==2934752== total heap usage: 31 allocs, 31 frees, 21,419 bytes allocated
	==2934752==
	==2934752== LEAK SUMMARY:
	==2934752== definitely lost: 0 bytes in 0 blocks
	==2934752== indirectly lost: 0 bytes in 0 blocks
	==2934752== possibly lost: 0 bytes in 0 blocks
	==2934752== still reachable: 29 bytes in 1 blocks
	==2934752== suppressed: 0 bytes in 0 blocks
	==2934752== Rerun with --leak-check=full to see details of leaked memory
	==2934752==
	==2934752== For lists of detected and suppressed errors, rerun with: -s
	==2934752== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

	$ echo $?
	0