On a bigger problem I spotted that some variables get corrupted.
I have crafted the smallest example to show the bug.
I have tested it on Debian Bullseye, Debian Buster, different
machines and also on newly created Debian Live on USB key,
and on Virtual Box.
Here is script that corrupts data:
####################### SCRIPT #############3
#!/bin/bash
# ^^^ if you change to /bin/sh then no bug anymore
# if you set LANG=C then there is no bug anymore
LANG=pl_PL.UTF-8
# these should be identical
FIRSTRUN="$(cat some_input.txt)"
SECONDRUN="$(cat some_input.txt)"
if test "$FIRSTRUN" = "$SECONDRUN"; then
printf "\n\nno bug on your system...\n\n"
else
printf "\n\nthere is a BUG on your system...\n\n"
{
echo "$FIRSTRUN"
echo "$SECONDRUN"
} | sort | uniq -u
fi
################################### end of script ########
##############################
Output:
leszek@xps15:~/$ ./make_test.sh
there is a BUG on your system...
Some more tests were done on: - ubuntu 22.04 (5.15.0-23) - ubuntu 20.04 (5.13.0-35) - fedora 35 (5.14.10-300) - debian 10 (4.19.0-19) - debian 11 (5.10.0-11) - bash 5.1-2 - debian testing (5.16.0-5) Error is only on debian 11. If you upgrade bash 5.1-2 to 5.1-6 then but is resolved. So the bug maybe is only in bash version 5.1-2
I believe this is the same bug as reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003012 and upstream in https://lists.gnu.org/archive/html/bug-bash/2022-01/msg00000.html
Hmm... looks sililar. Thank you. So what should we do now? Upgrade bash from testing? Or wait until stable debian is upgraded? I am afraid of silent data corruption on production server where we use debian stable...
I have just upgraded to debian version 11.3. Bug is still there: root@orion:~# cat /etc/debian_version 11.3 root@orion:~# ./make_test.sh there is a BUG on your system... -xx-x--x-- 1 xxxx xxxx 5551 2022-03-11 14:45:33.671864216 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378649_01_Ł�xxxxxx -xx-x--x-- 1 xxxx xxxx 5551 2022-03-11 14:45:33.671864216 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378649_01_Śxxxxxx -xx-x--x-- 1 xxxx xxxx 2194 2022-03-16 15:45:30.808233919 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378884_11_xxxxłx0 -xx-x--x-- 1 xxxx xxxx 2194 2022-03-16 15:45:30.808233919 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378884_11_xxxxŁ�x0 -xx-x--x-- 1 xxxx xxxx 2927 2022-03-14 13:00:29.878538837 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378748_01_Ł�xxxxxx -xx-x--x-- 1 xxxx xxxx 2927 2022-03-14 13:00:29.878538837 +0100 ../xxxxx_xxxx/xxxx/xxxxxxxx_xxxxxxxxx/xx_378748_01_Śxxxxxx root@orion:~# bash --version GNU bash, wersja 5.1.4(1)-release (x86_64-pc-linux-gnu) root@orion:~# dpkg -l | grep bash ii bash 5.1-2+b3 amd64 GNU Bourne Again SHell I think this sould be marked as critical bug or security threat. Please tell what should we do:
Some more info: On Ubuntu 21.04 the bug is not present: bash has version "5.1-2ubuntu1" and libc6 has version "2.33-0ubuntu5".
Hi, The update addressing this isssue is pending for the next point release as per https://bugs.debian.org/1006504 Regards, Salvatore
We believe that the bug you reported is fixed in the latest version of bash, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003012@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated bash package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) Format: 1.8 Date: Sun, 27 Mar 2022 20:40:30 +0200 Source: bash Architecture: source Version: 5.1-2+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Matthias Klose <doko@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1003012 Changes: bash (5.1-2+deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * 1-byte buffer overflow read in subst.c read_comsub (Closes: #1003012) Checksums-Sha1: 33b5c5a6d326565b57da14fb2e8020e12204a247 2458 bash_5.1-2+deb11u1.dsc 1c19b9453c378e18c7531fcf2628bd7f36b1e6a5 90828 bash_5.1-2+deb11u1.debian.tar.xz 803a8191469abd6b4d476577cda479ccefa747b3 6944 bash_5.1-2+deb11u1_source.buildinfo Checksums-Sha256: a475836201a8b2937dd83180c86ede2be07ea57ff41d02dfd639c3e08fa94045 2458 bash_5.1-2+deb11u1.dsc 2560b99eb87dd0aa3a15b88c31cc801630cbda93d566a936b643da8dff30627b 90828 bash_5.1-2+deb11u1.debian.tar.xz c986474f3263f1e246f84eb8e1d39b964d1b8bb0257742584bbed6ae04661719 6944 bash_5.1-2+deb11u1_source.buildinfo Files: 647560311ca62a9b84806c034d6c4c36 2458 base required bash_5.1-2+deb11u1.dsc 17ee378557d9dc3eeda65936984d502b 90828 base required bash_5.1-2+deb11u1.debian.tar.xz 35de4ff395f4ec269bfa927c930ec37b 6944 base required bash_5.1-2+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJAsdBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EDyMP/0YDLaK0XcWWOKVmUhsK48GDzgid7UR1 MRWqqFOBqnzGlDjyup4OBgJOnB5vmHifwz/AXuoWDBU17kkYAB7Ur1yeIl0jtGCW MVmAHdv2z5v7lXSSgTAJs6YZLvEPVXCaNxBW5sb9RXI185+HPTTk71dJqLyGss3x m4Q5Acieb3Gp/YYZcTVxRY1sgFmmDWuDXYkd0+mAEvRgzVrRvSd1jenRFtC72DAC OlQ65Lv+a/lB/DEbUu8Yt+7AODwqGUte1CqKEk7aNWu4jnUdGS7Z0L629H1Dc+R1 TiWhY8+OrL2d5Z2jgjLfNmr8Iiz75oTEb1flGfaegrpO5hdb+wBYclgQGguxdYL5 N5JsgCFcAvMlhUiVFj9R2rrICE8C1hEEaIfW7/t0KQ838rt9K2SCtQzMHCAyHbYB Z0dK3oJ15neyAJcDsBt2ubkPVRowF4CHBKZftS4icjrPzSqCCTzsGLqtmyvPR0lP 24UtlXGcZxZkDJ3kXxGB9gZLy9sQiIEJyR5Yrko8U9RqgRoAV4QRwpeBbulpstN0 N+822rWdAdvB20UgY0ud6lBZrc+0iAJmZXxRfGTbubyceEIS2Ah2YHmbbwmidSWU KTDP7LMUZ04+k/z9yV4vNsr+fZGdTOTEWXapqCfNbkVgbxHpcbKSg03ebJY6wQ/N L0RC1EqLmh5W =t9Lx -----END PGP SIGNATURE-----