Re: Bug in sh_backslash_quote function (bash 4.3.33)
From: Eric Blake
Subject: Re: Bug in sh_backslash_quote function (bash 4.3.33)
Date: Wed, 04 Mar 2015 12:27:24 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 03/04/2015 10:59 AM, Верещагин Алексей wrote:
> Bash Version: 4.3.33
> File: lib/sh/shquote.c
> Function: sh_backslash_quote
> Line: if (backslash_table[c] == 1)
>
> Description
> -----------
> Variable "c" has a signed integer type and may be negative (if "string" is
> not an ASCII-only string). But "c" is used as an index into the
> "backslash_table" array. This causes an out-of-range error and produces
> undefined behavior.
>
> Possible solution
> -----------------
> Cast variable "c" to unsigned char type:
> if (backslash_table[(unsigned char)c] == 1)
Similar to this other report:
https://lists.gnu.org/archive/html/bug-bash/2015-01/msg00096.html
and it looks like Chet has done some work in git at addressing various
call sites, although I have not yet checked if he got them all.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
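
The cast proposed in the report above, shown in a small table-driven quoter. This is an added example, not part of the original thread and not bash's code; `demo_table`, `demo_needs_quote`, `demo_uncast_index` and `demo_backslash_quote` are hypothetical names, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 256-entry table (not bash's backslash_table): 1 = quote it. */
static const char demo_table[256] = {
    [' '] = 1, ['\t'] = 1, ['$'] = 1, ['`'] = 1, ['\\'] = 1,
    ['"'] = 1, ['\''] = 1, ['*'] = 1, ['?'] = 1, [';'] = 1,
};

/* Convert the byte to unsigned char before indexing, so 0xD0 selects
   slot 208 rather than an element before the start of the table. */
static int demo_needs_quote(char c)
{
    return demo_table[(unsigned char)c] == 1;
}

/* The index the same byte yields without the cast where char is signed. */
static int demo_uncast_index(char c)
{
    return (int)(signed char)c;
}

/* Returns a malloc'd copy of s with a backslash before each special byte. */
char *demo_backslash_quote(const char *s)
{
    char *out = malloc(2 * strlen(s) + 1), *r = out;
    if (out == NULL)
        return NULL;
    for (; *s; s++) {
        if (demo_needs_quote(*s))
            *r++ = '\\';
        *r++ = *s;
    }
    *r = '\0';
    return out;
}

int main(void)
{
    /* Constructed input: two UTF-8 bytes (0xD0 0x92), a space, "$x". */
    char *q = demo_backslash_quote("\xD0\x92 $x");
    if (q == NULL)
        return 1;
    printf("quoted: %s\n", q);
    printf("uncast index for 0xD0: %d\n", demo_uncast_index('\xD0'));
    free(q);
    return 0;
}
```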