BASH PATCH REPORT ================= Bash-Release: 3.2 Patch-ID: bash32-033 Bug-Reported-by: Christophe Martin Bug-Reference-ID: <465ABA4A.3030805@free.fr> Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-05/msg00104.html Bug-Description: References made within a function to an uninitialized local array variable using the [*] subscript in a double-quoted string can result in spurious ASCII 127 characters in the expanded value. Patch: *** bash-3.2-patched/arrayfunc.c 2007-08-25 13:47:05.000000000 -0400 --- bash-3.2/arrayfunc.c 2007-05-31 11:55:46.000000000 -0400 *************** *** 723,727 **** { if (rtype) ! *rtype = 1; if (allow_all == 0) { --- 723,727 ---- { if (rtype) ! *rtype = (t[0] == '*') ? 1 : 2; if (allow_all == 0) { *** bash-3.2-patched/subst.c 2007-08-25 13:47:08.000000000 -0400 --- bash-3.2/subst.c 2007-11-14 15:43:00.000000000 -0500 *************** *** 4908,4915 **** intmax_t arg_index; SHELL_VAR *var; ! int atype; ret = 0; temp = 0; /* Handle multiple digit arguments, as in ${11}. */ --- 4973,4981 ---- intmax_t arg_index; SHELL_VAR *var; ! int atype, rflags; ret = 0; temp = 0; + rflags = 0; /* Handle multiple digit arguments, as in ${11}. */ *************** *** 4944,4947 **** --- 5010,5015 ---- ? quote_string (temp) : quote_escapes (temp); + else if (atype == 1 && temp && QUOTED_NULL (temp) && (quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT))) + rflags |= W_HASQUOTEDNULL; } #endif *************** *** 4971,4974 **** --- 5039,5043 ---- ret = alloc_word_desc (); ret->word = temp; + ret->flags |= rflags; } return ret; *** bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006 --- bash-3.2/patchlevel.h Mon Oct 16 14:22:54 2006 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 32 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 33 #endif /* _PATCHLEVEL_H_ */