1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
BASH PATCH REPORT
=================
Bash-Release: 5.2
Patch-ID: bash52-005
Bug-Reported-by: Justin Wood (Callek) <callek@gmail.com>
Bug-Reference-ID: <CANBDKY9fp2yiXONP7RY4kNuRteuovUebxSJaqePHeu7cyaFS9Q@mail.gmail.com>
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00088.html
Bug-Description:
Null pattern substitution replacement strings can cause a crash.
--- a/patchlevel.h
+++ b/patchlevel.h
@@ -25,6 +25,6 @@
regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
looks for to find the patch level (for the sccs version string). */
-#define PATCHLEVEL 4
+#define PATCHLEVEL 5
#endif /* _PATCHLEVEL_H_ */
--- a/subst.c
+++ b/subst.c
@@ -8965,7 +8965,8 @@ pat_subst (string, pat, rep, mflags)
return (ret);
}
else if (*string == 0 && (match_pattern (string, pat, mtype, &s, &e) != 0))
- return ((mflags & MATCH_EXPREP) ? strcreplace (rep, '&', "", 2) : savestring (rep));
+ return (mflags & MATCH_EXPREP) ? strcreplace (rep, '&', "", 2)
+ : (rep ? savestring (rep) : savestring (""));
ret = (char *)xmalloc (rsize = 64);
ret[0] = '\0';
|
