bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in sh_backslash_quote function (bash 4.3.33)


From: Eric Blake
Subject: Re: Bug in sh_backslash_quote function (bash 4.3.33)
Date: Wed, 04 Mar 2015 12:27:24 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 03/04/2015 10:59 AM, Верещагин Алексей wrote:
> Bash Version: 4.3.33
> File: lib/sh/shquote.c
> Function: sh_backslash_quote
> Line: if (backslash_table[c] == 1)
> 
> Description
> -----------
> Variable "c" has signed integer type and may be negative (if "string" is
> not only ASCII characters string). But "c" used as an index in
> "backslash_table" array. This causes out of range error and produce
> undefined behavior.
> 
> Possible solution
> -----------------
> Cast variable "c" to unsigned char type:
> if (backslash_table[(unsigned char)c] == 1)

Similar to this other report:
https://lists.gnu.org/archive/html/bug-bash/2015-01/msg00096.html

and it looks like Chet has done some work in git at addressing various
call sites, although I have not yet checked if he got them all.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]