[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Corrupted multibyte characters in command substitutions

From: Frank Heckenbach
Subject: Re: Corrupted multibyte characters in command substitutions
Date: Mon, 03 Jan 2022 02:43:58 +0100

Chet Ramey wrote:

> > After all, we're talking about silent data corruption, and now I
> > learn the bug is known for almost a year, the fix is known and still
> > hasn't been released, not even as an official patch.
> If you use the number of bug reports as an indication of urgency,

Why would you? Aren't you able to assess the severity of a bug
yourself? Silent data corruption is certainly one of the most severe
kind of bugs (next to security bugs -- which this one might also be;
I don't know, I'm no expert in writing exploits).

> this is rarely encountered.
> Yours is the second (maybe the third?) report.

Obviously not. You yourself gave me a link to another report. That
one mentions the bug also affects the building of the FSFE website.
A quick search found other reports.

But I know what you really mean. It only affects those strange
non-ASCII locales, so it must be rare. (Anti-American rant skipped
for politeness.)

> > In the meantime, the buggy version has made it into a Debian stable
> > release (and I assume many other distributions) and caused me (and I
> > assume many other users) a lot of trouble.
> I wouldn't make any assumptions beyond your own experience.

But I do since I read about other's experiences, see above.

> > I spend many hours, first debugging my own script, then bash, which
> > could have been spent more productively!
> I appreciate that you did.

I certainly won't when I find the next bash bug. Instead, I'll ask
everyone I know to send a separate bug report to better suit your
metric of urgency.

PS: One reason I'm so angry is this isn't the first time I've
reported a bug with an easy fix to some FS package, or found a bug
and discovered someone else had done this, and the fix sat there for
a long time. How you do really expect people to contribute (you
know, ESR's bazaar and stuff) if all the effort goes wasted and
important fixes just rot in some archives? It's different when only
a bug is reported and someone needs to find the cause and fix it,
but when the patch is there and tested, it's a matter of minutes (if
you have a moderately sane build system) to apply it and save your
users a lot of trouble.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]