bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Corrupted multibyte characters in command substitutions

From: Ángel
Subject: Re: Corrupted multibyte characters in command substitutions
Date: Tue, 04 Jan 2022 00:02:59 +0100 
Hello Frank

I think that had you tested the devel branch instead of the last
release, you could have skipped a lot of testing (but how would you
have known? it's an easy thing to miss).
https://savannah.gnu.org/patch/?10035 seems to have gone the "easy
fix", which you discarded to get a more thorough one.
I was impressed as well by your careful analysis.

Chet, I think you should consider if Frank patch isn't better than the
previous one.
I agree however that it should be published as an official patch.
1/512th chance of corruption, and only on certain bash versions is
unlikely to be noticed easily. Which is doesn't mean this isn't really
important. Think for instance what could happen with this affecting a
pass(1) wrapper.


Frank, I don't think your harsh mail is appropriate, even though I feel
your frustration.

By the way, your reproducer is not working for me with an unpatched 5.1.8:
> printf "%511s\xc3\xa4" | env -i LC_MONETARY=C.UTF-8 ./bash-5.1.8/bash /tmp/bb 
> | sha1sum 
> c4df63043ca5b49c0a236e2ec7424ae8c34d7bad

which is just "%511s\xc3\xa4\n"

The other test case (reproducer.sh) does show the bug with the same
binary.

Or, an even simpler one (assuming a utf-8 locale, like almost everyone uses 
these days):
$ printf "%511s\xc3\xa4" | ./bash -c 'a="$(echo a)"; d=$(cat); echo "$d"' | sed 
's/^ *//'
Ö�

where it should have output:
ä


As for patching the systems, I think this deserves being patched even
on stable distros. Albeit I would prefer that Chet released an official
patch first.


Best regards
reply via email to
[Prev in Thread] Current Thread [Next in Thread]