diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2021-06-21 17:57:19 +0800 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2021-09-03 15:02:45 +0800 |
| commit | 2cb4711364517add3ef204863e1993241ba18c54 (patch) | |
| tree | 857aca678bce2a3fa8cb2d415ad71e3b3748b61e /src/alias.h | |
| parent | Release 0.5.11.4. (diff) | |
| download | dash-2cb4711364517add3ef204863e1993241ba18c54.tar.gz dash-2cb4711364517add3ef204863e1993241ba18c54.zip | |
parser: Fix VSLENGTH parsing with trailing garbage
On Sat, Jun 19, 2021 at 02:44:46PM +0200, Denys Vlasenko wrote:
>
> CTLVAR and CTLBACKQ are not properly handled if encountered
> inside {$#...}. Testcase:
>
> dash -c "`printf 'echo ${#1\x82}'`" 00 111 222
>
> It should execute "echo ${#1 <byte 0x82> }" and thus print "3"
> (the length of $1, which is "111").
>
> Instead, it segfaults.
>
> (Ideally, it should fail since "1 <byte 0x82>" is not a valid
> variable name, but currently dash accepts e.g. "${#1abc}"
> as if it is "${#1}bc". A separate, less serious bug...).
In fact these two bugs are one and the same. This patch fixes
both by detecting the invalid substitution and not emitting it
into the node tree.
Incidentally this reveals a bug in how we parse ${#10} that got
introduced recently, which is also fixed here.
Reported-by: Denys Vlasenko <vda.linux@googlemail.com>
Fixes: 7710a926b321 ("parser: Only accept single-digit parameter...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'src/alias.h')
0 files changed, 0 insertions, 0 deletions