bug-bash

Re: Execution of a data string


From: Greg Wooledge
Subject: Re: Execution of a data string
Date: Thu, 22 Sep 2016 09:23:32 -0400
User-agent: Mutt/1.4.2.3i

On Wed, Sep 21, 2016 at 11:15:45PM -0400, address@hidden wrote:
> In Summary:
> 
> declare -a "$string"       # results in execution of $string
> declare -a a=($string)    # does not result in execution of $string

This is why you don't use the first form.  It's the same with eval --
if you don't have full control over the statement being eval'ed, then
you risk undesired code execution.

Your second form also has some issues.  The contents of $string will
undergo word splitting and then pathname expansion (globbing).  This could
cause unexpected results if any of the words expands to a glob pattern
which matches actual files.  If you want to split a string into an array,
this is safer as long as the string does not contain any newlines:

read -ra a <<< "$string"

If the string contains newlines, then:

read -rd '' -a a <<< "$string"

Of course, this read command will always exit with status "1" because
it never finds a NUL byte.  That's only a problem if you use set -e,
which of course no sane person should be doing....
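
The splitting behaviour described in the message above, as an added example that is not part of the original post. The function names, the scratch directory and the sample strings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Arrays, read -a and <<< need bash; re-run under bash if started by plain sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# a=($string): unquoted, so word splitting and then globbing both apply.
split_unquoted() {
    local string="$1"; local -a a
    a=($string)
    printf '%s\n' "${#a[@]}"
}

# read -ra: splits on IFS without globbing, but stops at the first newline.
split_read() {
    local string="$1"; local -a a
    read -ra a <<< "$string"
    printf '%s\n' "${#a[@]}"
}

# read -rd '': reads up to a NUL byte, so newlines count as IFS whitespace.
# It reaches end of input first and returns 1; "|| true" absorbs that.
split_read_nul() {
    local string="$1"; local -a a
    read -rd '' -a a <<< "$string" || true
    printf '%s\n' "${#a[@]}"
}

# Exit status of the read -d '' form, captured without tripping set -e.
read_nul_status() {
    local rc=0; local -a a
    read -rd '' -a a <<< "$1" || rc=$?
    printf '%s\n' "$rc"
}

# Constructed demo: a scratch directory holding three files that '*' matches.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        touch one two three
        echo "a=(\$string):  $(split_unquoted 'keep * literal') words"
        echo "read -ra:     $(split_read 'keep * literal') words"
        echo "read -rd '':  $(split_read_nul $'a b\nc d') words, status $(read_nul_status 'a b')"
    )
    rm -rf "$dir"
}

demo
```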


