
Bash-4.2 Official Patch 30


From: Chet Ramey
Subject: Bash-4.2 Official Patch 30
Date: Tue, 10 Jul 2012 12:01:33 -0400

                             BASH PATCH REPORT
                             =================

Bash-Release:   4.2
Patch-ID:       bash42-030

Bug-Reported-by:        Roman Rakus <rrakus@redhat.com>
Bug-Reference-ID:       <4D7DD91E.7040808@redhat.com>
Bug-Reference-URL:      
http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00126.html

Bug-Description:

When attempting to glob strings in a multibyte locale, and those strings
contain invalid multibyte characters that cause mbsnrtowcs to return 0,
the globbing code loops infinitely.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c   2010-05-30 18:36:27.000000000 
-0400
--- lib/glob/xmbsrtowcs.c       2011-03-22 16:06:47.000000000 -0400
***************
*** 36,39 ****
--- 36,41 ----
  #if HANDLE_MULTIBYTE
  
+ #define WSBUF_INC 32
+ 
  #ifndef FREE
  #  define FREE(x)     do { if (x) free (x); } while (0)
***************
*** 149,153 ****
    size_t wcnum;               /* Number of wide characters in WSBUF */
    mbstate_t state;    /* Conversion State */
!   size_t wcslength;   /* Number of wide characters produced by the 
conversion. */
    const char *end_or_backslash;
    size_t nms; /* Number of multibyte characters to convert at one time. */
--- 151,155 ----
    size_t wcnum;               /* Number of wide characters in WSBUF */
    mbstate_t state;    /* Conversion State */
!   size_t n, wcslength;        /* Number of wide characters produced by the 
conversion. */
    const char *end_or_backslash;
    size_t nms; /* Number of multibyte characters to convert at one time. */
***************
*** 172,176 ****
        tmp_p = p;
        tmp_state = state;
!       wcslength = mbsnrtowcs(NULL, &tmp_p, nms, 0, &tmp_state);
  
        /* Conversion failed. */
--- 174,189 ----
        tmp_p = p;
        tmp_state = state;
! 
!       if (nms == 0 && *p == '\\')     /* special initial case */
!       nms = wcslength = 1;
!       else
!       wcslength = mbsnrtowcs (NULL, &tmp_p, nms, 0, &tmp_state);
! 
!       if (wcslength == 0)
!       {
!         tmp_p = p;            /* will need below */
!         tmp_state = state;
!         wcslength = 1;        /* take a single byte */
!       }
  
        /* Conversion failed. */
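Review bot: The `/* special initial case */` comment on the `nms == 0 && *p == '\\'` branch does not say why `nms` is forced to 1; the reason only becomes apparent from the `wcslength == 0` fallback added directly below it. From the visible lines it looks as if a span that starts at a backslash is empty, so without this branch its zero-length result would be taken for an undecodable byte. A comment such as `/* span starts at a backslash: convert that one byte so the empty result is not mistaken for a failed conversion */` would record that. The same fallback cannot tell an undecodable byte from a span that holds only the terminating NUL, which matters for the compensation code in the later `214,229` hunk. The enclosing loop starts and ends outside this hunk.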
***************
*** 187,191 ****
          wchar_t *wstmp;
  
!         wsbuf_size = wcnum+wcslength+1;       /* 1 for the L'\0' or the 
potential L'\\' */
  
          wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
--- 200,205 ----
          wchar_t *wstmp;
  
!         while (wsbuf_size < wcnum+wcslength+1) /* 1 for the L'\0' or the 
potential L'\\' */
!           wsbuf_size += WSBUF_INC;
  
          wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
***************
*** 200,207 ****
  
        /* Perform the conversion. This is assumed to return 'wcslength'.
!        * It may set 'p' to NULL. */
!       mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
  
!       wcnum += wcslength;
  
        if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
--- 214,229 ----
  
        /* Perform the conversion. This is assumed to return 'wcslength'.
!        It may set 'p' to NULL. */
!       n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
  
!       /* Compensate for taking single byte on wcs conversion failure above. */
!       if (wcslength == 1 && (n == 0 || n == (size_t)-1))
!       {
!         state = tmp_state;
!         p = tmp_p;
!         wsbuf[wcnum++] = *p++;
!       }
!       else
!         wcnum += wcslength;
  
        if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
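Review bot: The compensation branch treats `n == 0` as a failed conversion, but `mbsnrtowcs` also returns 0 when the only thing it consumed was the terminating NUL, in which case it has set `p` to NULL, as the comment above notes. The branch then restores `p = tmp_p`, stores the NUL and advances `p` past the end of the string, so the `*p == '\\'` test below and the next pass would read beyond the buffer. Whether a NUL-only span can reach this point depends on how `nms` is computed, which is outside the hunk. Handling that case first, e.g. `if (n == 0 && p == NULL) { wsbuf[wcnum] = L'\0'; break; }`, would keep the fallback for genuinely undecodable bytes only. Separately, `wsbuf[wcnum++] = *p++;` stores a plain `char`, so on signed-char platforms a byte >= 0x80 is sign-extended into the `wchar_t`; `(unsigned char)*p++` avoids that.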
***************
*** 231,236 ****
     of DESTP and INDICESP are NULL. */
  
- #define WSBUF_INC 32
- 
  size_t
  xdupmbstowcs (destp, indicesp, src)
--- 253,256 ----
*** ../bash-4.2-patched/lib/glob/glob.c 2009-11-14 18:39:30.000000000 -0500
--- lib/glob/glob.c     2012-07-07 12:09:56.000000000 -0400
***************
*** 201,206 ****
    size_t pat_n, dn_n;
  
    pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
!   dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
  
    ret = 0;
--- 201,209 ----
    size_t pat_n, dn_n;
  
+   pat_wc = dn_wc = (wchar_t *)NULL;
+ 
    pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
!   if (pat_n != (size_t)-1)
!     dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
  
    ret = 0;
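Review bot: `dn_n` is left uninitialised when the pattern conversion fails, because the second `xdupmbstowcs` call is now skipped for `pat_n == (size_t)-1`. A later test that reads `dn_n` is then safe only if it checks `pat_n` first and short-circuits; that test is outside this hunk, so it cannot be confirmed here. Initialising it alongside the pointers, e.g. `dn_n = (size_t)-1;` next to `pat_wc = dn_wc = (wchar_t *)NULL;`, removes the dependency on evaluation order.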
***************
*** 222,225 ****
--- 225,230 ----
        ret = 1;
      }
+   else
+     ret = skipname (pat, dname, flags);
  
    FREE (pat_wc);
***************
*** 267,272 ****
    n = xdupmbstowcs (&wpathname, NULL, pathname);
    if (n == (size_t) -1)
!     /* Something wrong. */
!     return;
    orig_wpathname = wpathname;
  
--- 272,280 ----
    n = xdupmbstowcs (&wpathname, NULL, pathname);
    if (n == (size_t) -1)
!     {
!       /* Something wrong.  Fall back to single-byte */
!       udequote_pathname (pathname);
!       return;
!     }
    orig_wpathname = wpathname;
  
*** ../bash-4.2-patched/patchlevel.h    Sat Jun 12 20:14:48 2010
--- patchlevel.h        Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 29
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 30
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/


