diff options
Diffstat (limited to 'debian/patches/bash43-009.diff')
| -rw-r--r-- | debian/patches/bash43-009.diff | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/debian/patches/bash43-009.diff b/debian/patches/bash43-009.diff new file mode 100644 index 0000000..00477c0 --- /dev/null +++ b/debian/patches/bash43-009.diff @@ -0,0 +1,55 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-009 + +Bug-Reported-by: Matthias Klose <doko@debian.org> +Bug-Reference-ID: <53346FC8.6090005@debian.org> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00171.html + +Bug-Description: + +There is a problem with unsigned sign extension when attempting to reallocate +the input line when it is fewer than 3 characters long and there has been a +history expansion. The sign extension causes the shell to not reallocate the +line, which results in a segmentation fault when it writes past the end. + +Index: b/parse.y +=================================================================== +--- a/parse.y ++++ b/parse.y +@@ -2424,7 +2424,7 @@ + not already end in an EOF character. */ + if (shell_input_line_terminator != EOF) + { +- if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3) ++ if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size)) + shell_input_line = (char *)xrealloc (shell_input_line, + 1 + (shell_input_line_size += 2)); + +Index: b/patchlevel.h +=================================================================== +--- a/patchlevel.h ++++ b/patchlevel.h +@@ -25,6 +25,6 @@ + regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh + looks for to find the patch level (for the sccs version string). */ + +-#define PATCHLEVEL 8 ++#define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ +Index: b/y.tab.c +=================================================================== +--- a/y.tab.c ++++ b/y.tab.c +@@ -4736,7 +4736,7 @@ + not already end in an EOF character. */ + if (shell_input_line_terminator != EOF) + { +- if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3) ++ if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size)) + shell_input_line = (char *)xrealloc (shell_input_line, + 1 + (shell_input_line_size += 2)); + |