1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
BASH PATCH REPORT
=================
Bash-Release: 5.2
Patch-ID: bash52-021
Bug-Reported-by: Norbert Lange <nolange79@gmail.com>
Bug-Reference-ID: <CADYdroPZFdVZSL6KkhqkAPgKKopbsLQVSm7_TvLCwadL2=UAWw@mail.gmail.com>
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-12/msg00046.html
Bug-Description:
There is an off-by-one error that causes command substitutions to fail when
they appear in a word expansion inside a here-document.
Patch (apply with `patch -p0'):
*** ../bash-5.2-patched/subst.c 2022-12-13 12:08:58.000000000 -0500
--- subst.c 2022-12-14 09:09:53.000000000 -0500
***************
*** 1694,1698 ****
CHECK_STRING_OVERRUN (i, si, slen, c);
! tlen = si - i - 1;
RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
result[result_index++] = c;
--- 1699,1703 ----
CHECK_STRING_OVERRUN (i, si, slen, c);
! tlen = si - i - 2;
RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
result[result_index++] = c;
***************
*** 1714,1718 ****
CHECK_STRING_OVERRUN (i, si, slen, c);
! tlen = si - i - 1;
RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
result[result_index++] = c;
--- 1719,1723 ----
CHECK_STRING_OVERRUN (i, si, slen, c);
! tlen = si - i - 2;
RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
result[result_index++] = c;
*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 20
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 21
#endif /* _PATCHLEVEL_H_ */
|
