[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
unset IFS and ${v=$*} CTLNUL leakage
|
From: |
Grisha Levit |
|
Subject: |
unset IFS and ${v=$*} CTLNUL leakage |
|
Date: |
Mon, 4 Mar 2019 22:53:10 -0500 |
The changes in [1] to parameter_brace_expand_rhs (for the fix for [2])
created (exposed?) an issue with ${var=$*} expansion when $* is
multiple nulls and IFS is unset:
$ unset -v IFS v; set -- '' ''; printf '<%q>' ${v=$*}
<$'\177'><$'\177'>
Uncommmenting the itrace lines shows:
TRACE: pid 86967: param_expand: `${v=$*}' pflags = 0
TRACE: pid 86967: parameter_brace_expand_rhs: v:$* pflags = 0
TRACE: pid 86967: param_expand: `$*' pflags = 12
TRACE: pid 86967: parameter_brace_expand_rhs: v:$*: l != NULL, set
*qdollaratp
OTOH, if IFS is set:
$ IFS=x; set -- '' ''; printf '<%q>' ${v=$*}
<''>
And:
TRACE: pid 88443: param_expand: `${v=$*}' pflags = 0
TRACE: pid 88443: parameter_brace_expand_rhs: v:$* pflags = 0
TRACE: pid 88443: param_expand: `$*' pflags = 12
This seems to be related to the special-casing of unset IFS at [3]
which I don't really understand if an unset IFS is supposed to be the
same as $' \t\n'. Getting rid of that "IFS unset" case and having the
"IFS set to non-null value" case apply to unset IFS seems to resolve
this issue.
[1]:
https://git.savannah.gnu.org/cgit/bash.git/diff/subst.c?h=devel&id=2e4125745321da8cea9cd814173393d22cb74c60
[2]: https://lists.gnu.org/archive/html/bug-bash/2017-12/msg00052.html
[3]:
https://git.savannah.gnu.org/cgit/bash.git/tree/subst.c?h=devel&id=e230f9979dad9cbe7e6774862e3c10d902ba3490#n9318
- unset IFS and ${v=$*} CTLNUL leakage,
Grisha Levit <=