summaryrefslogtreecommitdiffstats
path: root/patches/source/bash/bash-4.2-patches/bash42-044
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/bash/bash-4.2-patches/bash42-044')
-rw-r--r--patches/source/bash/bash-4.2-patches/bash42-04470
1 files changed, 70 insertions, 0 deletions
diff --git a/patches/source/bash/bash-4.2-patches/bash42-044 b/patches/source/bash/bash-4.2-patches/bash42-044
new file mode 100644
index 000000000..e5bf28323
--- /dev/null
+++ b/patches/source/bash/bash-4.2-patches/bash42-044
@@ -0,0 +1,70 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-044
+
+Bug-Reported-by: "Dashing" <dashing@hushmail.com>
+Bug-Reference-ID: <20130211175049.D90786F446@smtp.hushmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html
+
+Bug-Description:
+
+When converting a multibyte string to a wide character string as part of
+pattern matching, bash does not handle the end of the string correctly,
+causing the search for the NUL to go beyond the end of the string and
+reference random memory. Depending on the contents of that memory, bash
+can produce errors or crash.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2012-07-08 21:53:19.000000000 -0400
+--- lib/glob/xmbsrtowcs.c 2013-02-12 12:00:39.000000000 -0500
+***************
+*** 217,220 ****
+--- 217,226 ----
+ n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
++ if (n == 0 && p == 0)
++ {
++ wsbuf[wcnum] = L'\0';
++ break;
++ }
++
+ /* Compensate for taking single byte on wcs conversion failure above. */
+ if (wcslength == 1 && (n == 0 || n == (size_t)-1))
+***************
+*** 222,226 ****
+ state = tmp_state;
+ p = tmp_p;
+! wsbuf[wcnum++] = *p++;
+ }
+ else
+--- 228,238 ----
+ state = tmp_state;
+ p = tmp_p;
+! wsbuf[wcnum] = *p;
+! if (*p == 0)
+! break;
+! else
+! {
+! wcnum++; p++;
+! }
+ }
+ else
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 43
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 44
+
+ #endif /* _PATCHLEVEL_H_ */