Yes, the problem is with signed char on some platforms. Similar to "sh_backslash_quote" functions in shquote.c uses "register unsigned char" or "unsigned char" types for variable "c" (see "sh_double_quote" or "sh_backslash_quote_for_double_quotes") but "sh_backslash_quote" still use "int". And it is bug after ac50fb... commit at 2014-02-26. Not fixed yet in master. I think Chet may not know about problem with this function.
2015-03-04 22:27 GMT+03:00 Eric Blake <ebl...@redhat.com>: > On 03/04/2015 10:59 AM, Верещагин Алексей wrote: > > Bash Version: 4.3.33 > > File: lib/sh/shquote.c > > Function: sh_backslash_quote > > Line: if (backslash_table[c] == 1) > > > > Description > > ----------- > > Variable "c" has signed integer type and may be negative (if "string" is > > not only ASCII characters string). But "c" used as an index in > > "backslash_table" array. This causes out of range error and produce > > undefined behavior. > > > > Possible solution > > ----------------- > > Cast variable "c" to unsigned char type: > > if (backslash_table[(unsigned char)c] == 1) > > Similar to this other report: > https://lists.gnu.org/archive/html/bug-bash/2015-01/msg00096.html > > and it looks like Chet has done some work in git at addressing various > call sites, although I have not yet checked if he got them all. > > -- > Eric Blake eblake redhat com +1-919-301-3266 > Libvirt virtualization library http://libvirt.org >
