diff options
Diffstat (limited to 'backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch')
| -rw-r--r-- | backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch b/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch new file mode 100644 index 0000000..668a563 --- /dev/null +++ b/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch @@ -0,0 +1,86 @@ +From 31bfe3ef4ea898df606cb6cc59ac72de27002b01 Mon Sep 17 00:00:00 2001 +From: Julian Squires <julian@cipht.net> +Date: Wed, 22 Mar 2023 14:09:57 -0230 +Subject: [PATCH] posix: Fix some crashes in wordexp [BZ #18096] + +Without these fixes, the first three included tests segfault (on a +NULL dereference); the fourth aborts on an assertion, which is itself +unnecessary. + +Conflict:NA +Reference:https://sourceware.org/git/?p=glibc.git;a=commit;h=31bfe3ef4ea898df606cb6cc59ac72de27002b01 + +Signed-off-by: Julian Squires <julian@cipht.net> +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + posix/wordexp-test.c | 4 ++++ + posix/wordexp.c | 11 ++++------- + 2 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index f7a591149b..bae27d6cee 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -117,6 +117,8 @@ struct test_case_struct + { 0, NULL, "$((010+0x10))", 0, 1, { "24" }, IFS }, + { 0, NULL, "$((-010+0x10))", 0, 1, { "8" }, IFS }, + { 0, NULL, "$((-0x10+010))", 0, 1, { "-8" }, IFS }, ++ { 0, NULL, "$(())", 0, 1, { "0", }, IFS }, ++ { 0, NULL, "$[]", 0, 1, { "0", }, IFS }, + + /* Advanced parameter expansion */ + { 0, NULL, "${var:-bar}", 0, 1, { "bar", }, IFS }, +@@ -138,6 +140,8 @@ struct test_case_struct + { 0, "12345", "${#var}", 0, 1, { "5", }, IFS }, + { 0, NULL, "${var:-'}'}", 0, 1, { "}", }, IFS }, + { 0, NULL, "${var-}", 0, 0, { NULL }, IFS }, ++ { 0, NULL, "${a?}", 0, 0, { NULL, }, IFS }, ++ { 0, NULL, "${#a=}", 0, 1, { "0", }, IFS }, + + { 0, "pizza", "${var#${var}}", 0, 0, { NULL }, IFS }, + { 0, "pepperoni", "${var%$(echo oni)}", 0, 1, { "pepper" }, IFS }, +diff --git a/posix/wordexp.c b/posix/wordexp.c +index 0da98f5b08..b34c4a939b 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -720,7 +720,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length, + ++(*offset); + + /* Go - evaluate. */ +- if (*expr && eval_expr (expr, &numresult) != 0) ++ if (expr && eval_expr (expr, &numresult) != 0) + { + free (expr); + return WRDE_SYNTAX; +@@ -758,7 +758,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length, + long int numresult = 0; + + /* Go - evaluate. */ +- if (*expr && eval_expr (expr, &numresult) != 0) ++ if (expr && eval_expr (expr, &numresult) != 0) + { + free (expr); + return WRDE_SYNTAX; +@@ -1790,7 +1790,7 @@ envsubst: + { + const char *str = pattern; + +- if (str[0] == '\0') ++ if (!str || str[0] == '\0') + str = _("parameter null or not set"); + + __fxprintf (NULL, "%s: %s\n", env, str); +@@ -1883,10 +1883,7 @@ envsubst: + _itoa_word (value ? strlen (value) : 0, + ¶m_length[20], 10, 0)); + if (free_value) +- { +- assert (value != NULL); +- free (value); +- } ++ free (value); + + return *word ? 0 : WRDE_NOSPACE; + } +-- +2.33.0 |