My first bash bug debugging, part 2
The reason for bash’s crash wasn’t an int overflow, but a lack of available memory.
Part 1 is available here.
Bash wasn’t trying to allocate a negative number.
I didn’t debug deep enough. Also, I didn’t know C well enough.
The function xmalloc() takes a size_t as its argument, as we can see in its source code below. size_t is an unsigned integer type used to represent the sizes of objects [1].
What does it mean?
It means that even if I invoke xmalloc() with a negative integer, the conversion to size_t turns that integer into an unsigned number.
Let’s see it happening with gdb:
The “conversion” happens because both values have the same binary representation.
Original int value: -294967280
Byte representation: 11101110011010110010100000010000
size_t conversion: 4000000016
Byte representation: 11101110011010110010100000010000
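The conversion above, reproduced as an added C example (not from the original post and not bash’s code). It assumes the 32-bit width of the bit pattern shown; as_size() shows what the same value becomes when size_t is wider, and checked_alloc() is a hypothetical wrapper that rejects the negative length before it is converted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Raw object bits of the signed value, copied without any conversion. */
uint32_t raw_bits(int32_t n) {
    uint32_t u;
    memcpy(&u, &n, sizeof u);
    return u;
}

/* Signed-to-unsigned conversion at 32 bits: defined by C as n modulo 2^32. */
uint32_t as_unsigned32(int32_t n) { return (uint32_t)n; }

/* Conversion straight to size_t: modulo 2^(bits in size_t), so a 64-bit
 * size_t yields a much larger value than the 32-bit case. */
size_t as_size(int32_t n) { return (size_t)n; }

/* Render 32 bits, most significant first; buf must hold 33 bytes. */
char *bits32(uint32_t v, char buf[33]) {
    for (int i = 0; i < 32; i++)
        buf[i] = ((v >> (31 - i)) & 1u) ? '1' : '0';
    buf[32] = '\0';
    return buf;
}

/* Hypothetical wrapper (not bash's xmalloc): reject a negative length while
 * it is still signed, and report a failed allocation to the caller.
 * Returns 0 on success, -1 for a negative length, -2 when malloc fails. */
int checked_alloc(int len, void **out) {
    *out = NULL;
    if (len < 0)
        return -1;
    *out = malloc(len > 0 ? (size_t)len : 1);
    return *out ? 0 : -2;
}

int main(void) {
    char buf[33];
    int32_t n = -294967280;   /* value from the post */
    void *p;
    printf("raw bits : %s\n", bits32(raw_bits(n), buf));
    printf("as 32-bit: %lu\n", (unsigned long)as_unsigned32(n));
    printf("as size_t: %zu\n", as_size(n));
    printf("checked_alloc(n) -> %d\n", checked_alloc(n, &p));
    return 0;
}
```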
Conclusion
The root cause for bash’s crash was that my laptop didn’t have 4 GB of memory available to be allocated (thanks to Google Chrome using all of it already).
[1] size_t: https://www.gnu.org/software/libc/manual/html_node/Important-Data-Types.html
Thanks to Nenad Stojanovski for pointing out the real root cause.