blob: b7b1158b894743d3c1c81d829dde3f07b7dcfe0e (
about) (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
BASH PATCH REPORT
=================
Bash-Release: 4.2
Patch-ID: bash42-024
Bug-Reported-by: Jim Avera <james_avera@yahoo.com>
Bug-Reference-ID: <4F29E07A.80405@yahoo.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-02/msg00001.html
Bug-Description:
When `printf -v' is used to set an array element, the format string contains
`%b', and the corresponding argument is the empty string, the buffer used
to store the value to be assigned can be NULL, which results in NUL being
assigned to the array element. This causes a seg fault when it's used later.
Patch (apply with `patch -p0'):
*** ../bash-4.2-patched/builtins/printf.def 2011-02-25 12:07:41.000000000 -0500
--- builtins/printf.def 2012-02-02 08:37:12.000000000 -0500
***************
*** 256,259 ****
--- 257,262 ----
{
vflag = 1;
+ if (vbsize == 0)
+ vbuf = xmalloc (vbsize = 16);
vblen = 0;
if (vbuf)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 23
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 24
#endif /* _PATCHLEVEL_H_ */
|