upstream/oracle/userland-gate: comparison components/bash/patches/bash44-006.patch

equal deleted inserted replaced

-:ab2133773782
+:75e376a3da00
+			     BASH PATCH REPORT
+			     =================
+Bash-Release:	4.4
+Patch-ID:	bash44-006
+Bug-Reported-by:	<[email protected]>
+Bug-Reference-ID:	<CAEr-gPFPvqheiAeENmMkEwWRd4U=1iqCsYmR3sLdULOqL++_tQ@mail.gmail.com>
+Bug-Reference-URL:
+Bug-Description:
+Out-of-range negative offsets to popd can cause the shell to crash attempting
+to free an invalid memory block.
+Patch (apply with `patch -p0'):
+*** ../bash-4.4-patched/builtins/pushd.def	2016-01-25 13:31:49.000000000 -0500
+--- builtins/pushd.def	2016-10-28 10:46:49.000000000 -0400
+***************
+*** 366,370 ****
+}
+!   if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
+{
+pushd_error (directory_list_offset, which_word ? which_word : "");
+--- 366,370 ----
+}
+!   if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
+{
+pushd_error (directory_list_offset, which_word ? which_word : "");
+***************
+*** 388,391 ****
+--- 388,396 ----
+	 of the list into place. */
+i = (direction == '+') ? directory_list_offset - which : which;
++       if (i < 0 || i > directory_list_offset)
++ 	{
++ 	  pushd_error (directory_list_offset, which_word ? which_word : "");
++ 	  return (EXECUTION_FAILURE);
++ 	}
+free (pushd_directory_list[i]);
+directory_list_offset--;
+*** ../bash-4.4/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+looks for to find the patch level (for the sccs version string). */
+! #define PATCHLEVEL 5
+#endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+looks for to find the patch level (for the sccs version string). */
+! #define PATCHLEVEL 6
+#endif /* _PATCHLEVEL_H_ */

changeset 7611	75e376a3da00
child 7612	b9fb75ff5a92