|
1 BASH PATCH REPORT |
|
2 ================= |
|
3 |
|
4 Bash-Release: 4.3 |
|
5 Patch-ID: bash43-041 |
|
6 |
|
7 Bug-Reported-by: Hanno Böck <[email protected]> |
|
8 Bug-Reference-ID: <20150623131106.6f111da9@pc1>, <20150707004640.0e61d2f9@pc1> |
|
9 Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2015-06/msg00089.html, |
|
10 http://lists.gnu.org/archive/html/bug-bash/2015-07/msg00018.html |
|
11 |
|
12 Bug-Description: |
|
13 |
|
14 There are several out-of-bounds read errors that occur when completing command |
|
15 lines where assignment statements appear before the command name. The first |
|
16 two appear only when programmable completion is enabled; the last one only |
|
17 happens when listing possible completions. |
|
18 |
|
19 Patch (apply with `patch -p0'): |
|
20 |
|
21 *** ../bash-4.3.40/bashline.c 2014-12-29 14:39:43.000000000 -0500 |
|
22 --- bashline.c 2015-08-12 10:21:58.000000000 -0400 |
|
23 *************** |
|
24 *** 1469,1476 **** |
|
25 --- 1469,1489 ---- |
|
26 os = start; |
|
27 n = 0; |
|
28 + was_assignment = 0; |
|
29 s = find_cmd_start (os); |
|
30 e = find_cmd_end (end); |
|
31 do |
|
32 { |
|
33 + /* Don't read past the end of rl_line_buffer */ |
|
34 + if (s > rl_end) |
|
35 + { |
|
36 + s1 = s = e1; |
|
37 + break; |
|
38 + } |
|
39 + /* Or past point if point is within an assignment statement */ |
|
40 + else if (was_assignment && s > rl_point) |
|
41 + { |
|
42 + s1 = s = e1; |
|
43 + break; |
|
44 + } |
|
45 /* Skip over assignment statements preceding a command name. If we |
|
46 don't find a command name at all, we can perform command name |
|
47 *** ../bash-4.3.40/lib/readline/complete.c 2013-10-14 09:27:10.000000000 -0400 |
|
48 --- lib/readline/complete.c 2015-07-31 09:34:39.000000000 -0400 |
|
49 *************** |
|
50 *** 690,693 **** |
|
51 --- 690,695 ---- |
|
52 if (temp == 0 || *temp == '\0') |
|
53 return (pathname); |
|
54 + else if (temp[1] == 0 && temp == pathname) |
|
55 + return (pathname); |
|
56 /* If the basename is NULL, we might have a pathname like '/usr/src/'. |
|
57 Look for a previous slash and, if one is found, return the portion |
|
58 *** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 |
|
59 --- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 |
|
60 *************** |
|
61 *** 26,30 **** |
|
62 looks for to find the patch level (for the sccs version string). */ |
|
63 |
|
64 ! #define PATCHLEVEL 40 |
|
65 |
|
66 #endif /* _PATCHLEVEL_H_ */ |
|
67 --- 26,30 ---- |
|
68 looks for to find the patch level (for the sccs version string). */ |
|
69 |
|
70 ! #define PATCHLEVEL 41 |
|
71 |
|
72 #endif /* _PATCHLEVEL_H_ */ |