blob: 301bce7a9b7f2efad99dce24ab89f1555b2a7be9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
BASH PATCH REPORT
=================
Bash-Release: 5.2
Patch-ID: bash52-013
Bug-Reported-by: Ralf Oehler <Ralf@Oehler-Privat.de>
Bug-Reference-ID: <20221120140252.2fc6489b@bilbo>
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00082.html
Bug-Description:
Bash can leak memory when referencing a non-existent associative array
element.
--- a/patchlevel.h
+++ b/patchlevel.h
@@ -25,6 +25,6 @@
regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
looks for to find the patch level (for the sccs version string). */
-#define PATCHLEVEL 12
+#define PATCHLEVEL 13
#endif /* _PATCHLEVEL_H_ */
--- a/subst.c
+++ b/subst.c
@@ -7497,8 +7497,6 @@ expand_arrayref:
? quote_string (temp)
: quote_escapes (temp);
rflags |= W_ARRAYIND;
- if (estatep)
- *estatep = es; /* structure copy */
}
/* Note that array[*] and array[@] expanded to a quoted null string by
returning the W_HASQUOTEDNULL flag to the caller in addition to TEMP. */
@@ -7507,7 +7505,9 @@ expand_arrayref:
else if (es.subtype == 2 && temp && QUOTED_NULL (temp) && (quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)))
rflags |= W_HASQUOTEDNULL;
- if (estatep == 0)
+ if (estatep)
+ *estatep = es; /* structure copy */
+ else
flush_eltstate (&es);
}
#endif
|
