BASH PATCH REPORT
=================
Bash-Release: 3.2
Patch-ID: bash32-033
Bug-Reported-by: Christophe Martin <schplurtz@free.fr>
Bug-Reference-ID: <465ABA4A.3030805@free.fr>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-05/msg00104.html
Bug-Description:
References made within a function to an uninitialized local array variable
using the [*] subscript in a double-quoted string can result in spurious
ASCII 127 characters in the expanded value.
Patch:
*** ../bash-3.2-patched/arrayfunc.c 2007-08-25 13:47:05.000000000 -0400
--- arrayfunc.c 2007-05-31 11:55:46.000000000 -0400
***************
*** 723,727 ****
{
if (rtype)
! *rtype = 1;
if (allow_all == 0)
{
--- 723,727 ----
{
if (rtype)
! *rtype = (t[0] == '*') ? 1 : 2;
if (allow_all == 0)
{
*** ../bash-3.2-patched/subst.c 2007-08-25 13:47:08.000000000 -0400
--- subst.c 2007-11-14 15:43:00.000000000 -0500
***************
*** 4908,4915 ****
intmax_t arg_index;
SHELL_VAR *var;
! int atype;
ret = 0;
temp = 0;
/* Handle multiple digit arguments, as in ${11}. */
--- 4973,4981 ----
intmax_t arg_index;
SHELL_VAR *var;
! int atype, rflags;
ret = 0;
temp = 0;
+ rflags = 0;
/* Handle multiple digit arguments, as in ${11}. */
***************
*** 4944,4947 ****
--- 5010,5015 ----
? quote_string (temp)
: quote_escapes (temp);
+ else if (atype == 1 && temp && QUOTED_NULL (temp) && (quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)))
+ rflags |= W_HASQUOTEDNULL;
}
#endif
***************
*** 4971,4974 ****
--- 5039,5043 ----
ret = alloc_word_desc ();
ret->word = temp;
+ ret->flags |= rflags;
}
return ret;
*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
--- patchlevel.h Mon Oct 16 14:22:54 2006
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 32
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 33
#endif /* _PATCHLEVEL_H_ */