summaryrefslogtreecommitdiff
path: root/source/a/bash/bash-5.0-patches/bash50-008
blob: b09d6b33ac731211a1b06b4885675b0e5b7ecb5a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
			     BASH PATCH REPORT
			     =================

Bash-Release:	5.0
Patch-ID:	bash50-008

Bug-Reported-by:	Michael Albinus <michael.albinus@gmx.de>
Bug-Reference-ID:	<87bm36k3kz.fsf@gmx.de>
Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2019-02/msg00111.html

Bug-Description:

When HISTSIZE is set to 0, history expansion can leave the history length
set to an incorrect value, leading to subsequent attempts to access invalid
memory.

Patch (apply with `patch -p0'):

*** ../bash-5.0-patched/bashhist.c	2018-07-05 22:41:14.000000000 -0400
--- bashhist.c	2019-02-20 16:20:04.000000000 -0500
***************
*** 561,573 ****
    if (!history_expansion_inhibited && history_expansion && history_expansion_p (line))
      {
        /* If we are expanding the second or later line of a multi-line
  	 command, decrease history_length so references to history expansions
  	 in these lines refer to the previous history entry and not the
  	 current command. */
        if (history_length > 0 && command_oriented_history && current_command_first_line_saved && current_command_line_count > 1)
          history_length--;
        expanded = history_expand (line, &history_value);
        if (history_length >= 0 && command_oriented_history && current_command_first_line_saved && current_command_line_count > 1)
!         history_length++;
  
        if (expanded)
--- 561,576 ----
    if (!history_expansion_inhibited && history_expansion && history_expansion_p (line))
      {
+       int old_len;
+ 
        /* If we are expanding the second or later line of a multi-line
  	 command, decrease history_length so references to history expansions
  	 in these lines refer to the previous history entry and not the
  	 current command. */
+       old_len = history_length;
        if (history_length > 0 && command_oriented_history && current_command_first_line_saved && current_command_line_count > 1)
          history_length--;
        expanded = history_expand (line, &history_value);
        if (history_length >= 0 && command_oriented_history && current_command_first_line_saved && current_command_line_count > 1)
!         history_length = old_len;
  
        if (expanded)

*** ../bash-5.0/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
--- patchlevel.h	2016-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 7
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 8
  
  #endif /* _PATCHLEVEL_H_ */