aboutsummaryrefslogtreecommitdiffstats
path: root/package/bash/bash32-033
blob: 89bc35d625721e1bfb48d2262ce290f53dcc0fed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
			     BASH PATCH REPORT
			     =================

Bash-Release: 3.2
Patch-ID: bash32-033

Bug-Reported-by:	Christophe Martin <schplurtz@free.fr>
Bug-Reference-ID:	<465ABA4A.3030805@free.fr>
Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2007-05/msg00104.html

Bug-Description:

References made within a function to an uninitialized local array variable
using the [*] subscript in a double-quoted string  can result in spurious
ASCII 127 characters in the expanded value.

Patch:

*** bash-3.2-patched/arrayfunc.c	2007-08-25 13:47:05.000000000 -0400
--- bash-3.2/arrayfunc.c	2007-05-31 11:55:46.000000000 -0400
***************
*** 723,727 ****
      {
        if (rtype)
! 	*rtype = 1;
        if (allow_all == 0)
  	{
--- 723,727 ----
      {
        if (rtype)
! 	*rtype = (t[0] == '*') ? 1 : 2;
        if (allow_all == 0)
  	{
*** bash-3.2-patched/subst.c	2007-08-25 13:47:08.000000000 -0400
--- bash-3.2/subst.c	2007-11-14 15:43:00.000000000 -0500
***************
*** 4908,4915 ****
    intmax_t arg_index;
    SHELL_VAR *var;
!   int atype;
  
    ret = 0;
    temp = 0;
  
    /* Handle multiple digit arguments, as in ${11}. */  
--- 4973,4981 ----
    intmax_t arg_index;
    SHELL_VAR *var;
!   int atype, rflags;
  
    ret = 0;
    temp = 0;
+   rflags = 0;
  
    /* Handle multiple digit arguments, as in ${11}. */  
***************
*** 4944,4947 ****
--- 5010,5015 ----
   		  ? quote_string (temp)
   		  : quote_escapes (temp);
+       else if (atype == 1 && temp && QUOTED_NULL (temp) && (quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)))
+ 	rflags |= W_HASQUOTEDNULL;
      }
  #endif
***************
*** 4971,4974 ****
--- 5039,5043 ----
        ret = alloc_word_desc ();
        ret->word = temp;
+       ret->flags |= rflags;
      }
    return ret;
*** bash-3.2/patchlevel.h	Thu Apr 13 08:31:04 2006
--- bash-3.2/patchlevel.h	Mon Oct 16 14:22:54 2006
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 32
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 33
  
  #endif /* _PATCHLEVEL_H_ */