fmunozs/shell

## shell
$ mksh -c 'echo 1111111111111111111111111111111111111>1'
Segmentation fault (core dumped)

$ gdb mksh
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mksh...done.
(gdb) run -c 'echo 1111111111111111111111111111111111111>1'
Starting program: /usr/bin/mksh -c 'echo 1111111111111111111111111111111111111>1'
Got object file from memory but can't read symbols: File truncated.
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Program received signal SIGSEGV, Segmentation fault.
0x000000000043bf37 in iosetup.lto_priv.436 (iop=0x65a1c8, tp=0x650e68) at exec.c:1390
1390		if (e->savefd[iop->unit] == 0) {
(gdb) print iop->unit
$1 = -954437177

$ dash -c "echo foo 2 2 2 2 >&\$v"
Segmentation fault (core dumped)

$ zsh -c "echo a>&113333333333"
*** buffer overflow detected ***: zsh terminated

--
    char fdstr[4];

    closemnodes(mfds);
    fixfds(save);
    if (fn->fd2 != -2)
   	sprintf(fdstr, "%d", fn->fd2);
--

$ cat z5
a << EOF
hi $( <<"EOF" "

$ zsh z5
Segmentation fault (core dumped)

$ busybox sh -c 'export z=abcdefg;echo ${z:0:9223372036854775807}'
Segmentation fault (core dumped)

$ busybox sh -c 'export R="";echo "${R:$((${R}-1)):1}"'
Segmentation fault (core dumped)
	$ mksh -c 'echo 1111111111111111111111111111111111111>1'
	Segmentation fault (core dumped)

	$ gdb mksh
	GNU gdb (GDB) 7.8
	Copyright (C) 2014 Free Software Foundation, Inc.
	License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
	This is free software: you are free to change and redistribute it.
	There is NO WARRANTY, to the extent permitted by law. Type "show copying"
	and "show warranty" for details.
	This GDB was configured as "x86_64-unknown-linux-gnu".
	Type "show configuration" for configuration details.
	For bug reporting instructions, please see:
	<http://www.gnu.org/software/gdb/bugs/>.
	Find the GDB manual and other documentation resources online at:
	<http://www.gnu.org/software/gdb/documentation/>.
	For help, type "help".
	Type "apropos word" to search for commands related to "word"...
	Reading symbols from mksh...done.
	(gdb) run -c 'echo 1111111111111111111111111111111111111>1'
	Starting program: /usr/bin/mksh -c 'echo 1111111111111111111111111111111111111>1'
	Got object file from memory but can't read symbols: File truncated.
	warning: Could not load shared library symbols for linux-vdso.so.1.
	Do you need "set solib-search-path" or "set sysroot"?

	Program received signal SIGSEGV, Segmentation fault.
	0x000000000043bf37 in iosetup.lto_priv.436 (iop=0x65a1c8, tp=0x650e68) at exec.c:1390
	1390 if (e->savefd[iop->unit] == 0) {
	(gdb) print iop->unit
	$1 = -954437177

	$ dash -c "echo foo 2 2 2 2 >&\$v"
	Segmentation fault (core dumped)

	$ zsh -c "echo a>&113333333333"
	* buffer overflow detected *: zsh terminated

	--
	char fdstr[4];

	closemnodes(mfds);
	fixfds(save);
	if (fn->fd2 != -2)
	sprintf(fdstr, "%d", fn->fd2);
	--

	$ cat z5
	a << EOF
	hi $( <<"EOF" "

	$ zsh z5
	Segmentation fault (core dumped)

	$ busybox sh -c 'export z=abcdefg;echo ${z:0:9223372036854775807}'
	Segmentation fault (core dumped)

	$ busybox sh -c 'export R="";echo "${R:$((${R}-1)):1}"'
	Segmentation fault (core dumped)