nalika / rpms / bash

Forked from rpms/bash 2 years ago
Clone
Blob Blame History Raw
BASH PATCH REPORT
=================
Bash-Release: 4.2
Patch-ID: bash42-003
Bug-Reported-by: Clark J. Wang <dearvoid@gmail.com>
Bug-Reference-ID: <AANLkTikZ_rVV-frR8Fh0PzhXnMKnm5XsUR-F3qtPPs5G@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00136.html
Bug-Description:
When using the pattern replacement and pattern removal word expansions, bash
miscalculates the possible match length in the presence of an unescaped left
bracket without a closing right bracket, resulting in a failure to match
the pattern.
Patch (apply with `patch -p0'):
*** ../bash-4.2-patched/lib/glob/gmisc.c 2011-02-05 16:11:17.000000000 -0500
--- lib/glob/gmisc.c 2011-02-18 23:53:42.000000000 -0500
***************
*** 78,83 ****
size_t wmax;
{
! wchar_t wc, *wbrack;
! int matlen, t, in_cclass, in_collsym, in_equiv;
if (*wpat == 0)
--- 78,83 ----
size_t wmax;
{
! wchar_t wc;
! int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
if (*wpat == 0)
***************
*** 119,123 ****
case L'[':
/* scan for ending `]', skipping over embedded [:...:] */
! wbrack = wpat;
wc = *wpat++;
do
--- 119,123 ----
case L'[':
/* scan for ending `]', skipping over embedded [:...:] */
! bracklen = 1;
wc = *wpat++;
do
***************
*** 125,140 ****
if (wc == 0)
{
! matlen += wpat - wbrack - 1; /* incremented below */
! break;
}
else if (wc == L'\\')
{
! wc = *wpat++;
! if (*wpat == 0)
! break;
}
else if (wc == L'[' && *wpat == L':') /* character class */
{
wpat++;
in_cclass = 1;
}
--- 125,148 ----
if (wc == 0)
{
! wpat--; /* back up to NUL */
! matlen += bracklen;
! goto bad_bracket;
}
else if (wc == L'\\')
{
! /* *wpat == backslash-escaped character */
! bracklen++;
! /* If the backslash or backslash-escape ends the string,
! bail. The ++wpat skips over the backslash escape */
! if (*wpat == 0 || *++wpat == 0)
! {
! matlen += bracklen;
! goto bad_bracket;
! }
}
else if (wc == L'[' && *wpat == L':') /* character class */
{
wpat++;
+ bracklen++;
in_cclass = 1;
}
***************
*** 142,145 ****
--- 150,154 ----
{
wpat++;
+ bracklen++;
in_cclass = 0;
}
***************
*** 147,152 ****
{
wpat++;
if (*wpat == L']') /* right bracket can appear as collating symbol */
! wpat++;
in_collsym = 1;
}
--- 156,165 ----
{
wpat++;
+ bracklen++;
if (*wpat == L']') /* right bracket can appear as collating symbol */
! {
! wpat++;
! bracklen++;
! }
in_collsym = 1;
}
***************
*** 154,157 ****
--- 167,171 ----
{
wpat++;
+ bracklen++;
in_collsym = 0;
}
***************
*** 159,164 ****
{
wpat++;
if (*wpat == L']') /* right bracket can appear as equivalence class */
! wpat++;
in_equiv = 1;
}
--- 173,182 ----
{
wpat++;
+ bracklen++;
if (*wpat == L']') /* right bracket can appear as equivalence class */
! {
! wpat++;
! bracklen++;
! }
in_equiv = 1;
}
***************
*** 166,174 ****
--- 184,196 ----
{
wpat++;
+ bracklen++;
in_equiv = 0;
}
+ else
+ bracklen++;
}
while ((wc = *wpat++) != L']');
matlen++; /* bracket expression can only match one char */
+ bad_bracket:
break;
}
***************
*** 214,219 ****
size_t max;
{
! char c, *brack;
! int matlen, t, in_cclass, in_collsym, in_equiv;
if (*pat == 0)
--- 236,241 ----
size_t max;
{
! char c;
! int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
if (*pat == 0)
***************
*** 255,259 ****
case '[':
/* scan for ending `]', skipping over embedded [:...:] */
! brack = pat;
c = *pat++;
do
--- 277,281 ----
case '[':
/* scan for ending `]', skipping over embedded [:...:] */
! bracklen = 1;
c = *pat++;
do
***************
*** 261,276 ****
if (c == 0)
{
! matlen += pat - brack - 1; /* incremented below */
! break;
}
else if (c == '\\')
{
! c = *pat++;
! if (*pat == 0)
! break;
}
else if (c == '[' && *pat == ':') /* character class */
{
pat++;
in_cclass = 1;
}
--- 283,306 ----
if (c == 0)
{
! pat--; /* back up to NUL */
! matlen += bracklen;
! goto bad_bracket;
}
else if (c == '\\')
{
! /* *pat == backslash-escaped character */
! bracklen++;
! /* If the backslash or backslash-escape ends the string,
! bail. The ++pat skips over the backslash escape */
! if (*pat == 0 || *++pat == 0)
! {
! matlen += bracklen;
! goto bad_bracket;
! }
}
else if (c == '[' && *pat == ':') /* character class */
{
pat++;
+ bracklen++;
in_cclass = 1;
}
***************
*** 278,281 ****
--- 308,312 ----
{
pat++;
+ bracklen++;
in_cclass = 0;
}
***************
*** 283,288 ****
{
pat++;
if (*pat == ']') /* right bracket can appear as collating symbol */
! pat++;
in_collsym = 1;
}
--- 314,323 ----
{
pat++;
+ bracklen++;
if (*pat == ']') /* right bracket can appear as collating symbol */
! {
! pat++;
! bracklen++;
! }
in_collsym = 1;
}
***************
*** 290,293 ****
--- 325,329 ----
{
pat++;
+ bracklen++;
in_collsym = 0;
}
***************
*** 295,300 ****
{
pat++;
if (*pat == ']') /* right bracket can appear as equivalence class */
! pat++;
in_equiv = 1;
}
--- 331,340 ----
{
pat++;
+ bracklen++;
if (*pat == ']') /* right bracket can appear as equivalence class */
! {
! pat++;
! bracklen++;
! }
in_equiv = 1;
}
***************
*** 302,310 ****
--- 342,354 ----
{
pat++;
+ bracklen++;
in_equiv = 0;
}
+ else
+ bracklen++;
}
while ((c = *pat++) != ']');
matlen++; /* bracket expression can only match one char */
+ bad_bracket:
break;
}
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 2
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 3
#endif /* _PATCHLEVEL_H_ */