diff options
author | Rob Landley <rob@landley.net> | 2020-09-05 04:06:06 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2020-09-05 04:06:06 -0500 |
commit | a7fe8d598ce8f4b0163ba72609aaa2c66f6a4315 (patch) | |
tree | e9ce229cfdff42d57f0cc632aacc86ff3a20e4fd | |
parent | 1ff35e6c508fc605fd4268d479e5473f50debb67 (diff) | |
download | toybox-a7fe8d598ce8f4b0163ba72609aaa2c66f6a4315.tar.gz |
Fix segfault for sh -c 'echo {a..Z}'
Bash produces different output for that test, but I'm not sure I care?
http://lists.landley.net/pipermail/toybox-landley.net/2020-September/011990.html
The problem is parse_word() guarantees its output's quotes/escapes
are completed, but brace expansion happens after parse_word() and thus
violating assumptions later code depends on to not do redundant error
checking. The easy fix is to escape punctuation produced by parse_word
(which in bash can only happen when you span upper and lower case ranges
so "\" is the only interesting character). I could special case this to
match bash exactly, but I'm waiting for someone to complain instead.
-rw-r--r-- | toys/pending/sh.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/toys/pending/sh.c b/toys/pending/sh.c index 797b96a3..4c3735d7 100644 --- a/toys/pending/sh.c +++ b/toys/pending/sh.c @@ -1417,10 +1417,10 @@ static int expand_arg(struct sh_arg *arg, char *old, unsigned flags, if (!bnext || bb->cnt<0 || bnext->commas[0]>bb->commas[bb->idx+1]) { // output uninterrupted span - if (bb->cnt<0) - s += sprintf(s, (bb->cnt==-1) ? "%c" : "%d", - bb->commas[2]+bb->commas[4]*bb->idx); - else { + if (bb->cnt<0) { + k = bb->commas[2]+bb->commas[4]*bb->idx; + s += sprintf(s, (bb->cnt==-1) ? "\\%c"+!ispunct(k) : "%d", k); + } else { i = bb->commas[bstk->idx]+1; s = stpncpy(s, old+i, bb->commas[bb->idx+1]-i); } |