My first bash bug debugging, part 2

The reason for bash’s crash wasn’t an int overflow, but a lack of available memory.

Carla Souza
Nov 26, 2016

Part 1 is available here.

Bash wasn’t trying to allocate a negative number.

I didn’t debug deep enough. Also, I didn’t know C enough.

The function xmalloc() takes an argument of type size_t, as we can see in its source code below. size_t is an unsigned integer type used to represent the sizes of objects [1].

What does it mean?

It means that even if I invoke xmalloc() with a negative integer, the conversion to size_t turns that integer into an unsigned number.

Let’s see it happening with gdb:

The “conversion” happens because both values have the same binary representation.

Original int value: -294967280
Byte representation: 11101110011010110010100000010000

size_t conversion: 4000000016
Byte representation: 11101110011010110010100000010000
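The same reinterpretation in C, as an added example that is not part of the original post or of bash's source. It assumes the 32-bit width shown in the representations above; the helper names, including the length guard `is_safe_length()`, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signed-to-unsigned conversion is defined modulo 2^32 for a 32-bit type:
 * the bit pattern is kept and only its interpretation changes. */
uint32_t as_unsigned32(int32_t v) { return (uint32_t)v; }

/* Conversion to the platform's real size_t. Where size_t is wider than int
 * (typical 64-bit systems), the value wraps modulo 2^64 instead, so the
 * requested size is far larger than the 32-bit figure. */
size_t as_size_t(int v) { return (size_t)v; }

/* Render the 32 bits of v as a string of '0'/'1' (static buffer). */
const char *bits32(uint32_t v)
{
    static char out[33];
    for (int i = 0; i < 32; i++)
        out[i] = ((v >> (31 - i)) & 1u) ? '1' : '0';
    out[32] = '\0';
    return out;
}

/* Hypothetical guard: validate a signed length while it is still signed,
 * before it reaches an allocator that takes size_t. Returns 1 if usable. */
int is_safe_length(long long n, size_t max)
{
    return n >= 0 && (unsigned long long)n <= max;
}

int main(void)
{
    int32_t n = -294967280;            /* the value from this post */

    printf("int value:      %d\n", (int)n);
    printf("as 32-bit uint: %u\n", (unsigned)as_unsigned32(n));
    printf("bits:           %s\n", bits32(as_unsigned32(n)));
    printf("as size_t here: %zu\n", as_size_t((int)n));
    printf("passes guard:   %d\n", is_safe_length(n, (size_t)1 << 20));
    return 0;
}
```

Checking the length before the conversion is what separates a caller's arithmetic mistake from a genuine out-of-memory condition; after the conversion the allocator only sees a large, valid-looking size.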

Conclusion

The root cause of bash’s crash was that my laptop didn’t have 4 GB of memory available to be allocated (thanks to Google Chrome using all of it already).

[1] size_t: https://www.gnu.org/software/libc/manual/html_node/Important-Data-Types.html

Thanks to Nenad Stojanovski for pointing out the real root cause.