[Bug libc/18100] New: SIGFPE in wordexp/eval_expr_multdiv

["konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=18100

            Bug ID: 18100
           Summary: SIGFPE in wordexp/eval_expr_multdiv
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: konstantin.s.serebryany at gmail dot com
                CC: drepper.fsp at gmail dot com

I am not sure if this is a bug or intentional behavior,
but passing $[1/0]" to wordexp leads to divide by zero. 

#include <wordexp.h>
int main() {
  wordexp_t w;
  wordexp("$[1/0]", &w, 0);
}

% gcc we13.c && ./a.out 
Floating point exception (core dumped)

#0  0x00007ffff7afa136 in eval_expr_multdiv (expr=0x7fffffffd338,
result=0x7fffffffd410) at wordexp.c:620
#1  0x00007ffff7afa204 in eval_expr (expr=0x602033 "",
result=result@entry=0x7fffffffd410) at wordexp.c:635
#2  0x00007ffff7afe62d in parse_arith (word=word@entry=0x7fffffffd6a0,
word_length=word_length@entry=0x7fffffffd680,
max_length=max_length@entry=0x7fffffffd690, 
    words=words@entry=0x4005d4 "$[1/0]", offset=offset@entry=0x7fffffffd670,
flags=flags@entry=0, bracket=1) at wordexp.c:777
#3  0x00007ffff7afc124 in parse_dollars (word=word@entry=0x7fffffffd6a0,
word_length=word_length@entry=0x7fffffffd680,
max_length=max_length@entry=0x7fffffffd690, 
    words=words@entry=0x4005d4 "$[1/0]", offset=offset@entry=0x7fffffffd670,
flags=flags@entry=0, pwordexp=pwordexp@entry=0x7fffffffd790,
ifs=ifs@entry=0x7fffffffd660 " \t\n", 
    ifs_white=ifs_white@entry=0x7fffffffd660 " \t\n", quoted=quoted@entry=0) at
wordexp.c:2096
#4  0x00007ffff7afefec in wordexp (words=<optimized out>, pwordexp=<optimized
out>, flags=0) at wordexp.c:2348

-- 
You are receiving this mail because:
You are on the CC list for the bug.