[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Corrupted multibyte characters in command substitutions

From: Frank Heckenbach
Subject: Re: Corrupted multibyte characters in command substitutions
Date: Sat, 08 Jan 2022 00:22:25 +0100

Ángel wrote:

> I think that had you tested the devel branch instead of the last
> release, you could have skipped a lot of testing (but how would you
> have known? it's an easy thing to miss).
> https://savannah.gnu.org/patch/?10035 seems to have gone the "easy
> fix", which you discarded to get a more thorough one.

Well, the hard part was the analysis. After I found the problem,
the fix then wasn't that hard either way.

> I was impressed as well by your careful analysis.
> Chet, I think you should consider if Frank patch isn't better than the
> previous one.
> I agree however that it should be published as an official patch.
> 1/512th chance of corruption, and only on certain bash versions is
> unlikely to be noticed easily. Which is doesn't mean this isn't really
> important.

1/512 may be rare (and thus the more surprising) for many users. In
my case, it was (luckily?) more common since my script processed a
number of UTF-8 strings which increases the chance of hitting it.
Indeed, by varying the environment it was roughly as likely to work
correctly or crash at one of 3 points or so.

> Think for instance what could happen with this affecting a
> pass(1) wrapper.

Probably. But any script that processes data (and doesn't just pipe
them from one external command to the other) is potentially
affected, and one may not notice the corrupt output until much

> By the way, your reproducer is not working for me with an unpatched 5.1.8:

Well, as I wrote in my original mail, it may depend on other factors
of my environment, and it would take more work to identify them.
Anyway, the point is moot now; my test works on my system and shows
that the bug is present in 5.1.12 and fixed in 5.1.16.

> As for patching the systems, I think this deserves being patched even
> on stable distros. Albeit I would prefer that Chet released an official
> patch first.

That's been done now (5.1.16), thanks! Of course, I agree that
stable distros should be patched as soon as possible.

Best regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]