Configuration Information [Automatically generated, do not change]: Machine: x86_64 OS: linux-gnu Compiler: gcc Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I../. -I.././include -I.././lib -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/build/bash-N2nMjo/bash-4.4.18=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wno-parentheses -Wno-format-security uname output: Linux sojojojo 5.3.0-46-generic #38~18.04.1-Ubuntu SMP Tue Mar 31 04:17:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Machine Type: x86_64-pc-linux-gnu
Bash Version: 4.4 Patch Level: 20 Release Status: release Also occurs on 5.0.7(1)-release Description: printf %q with a truncating size will emit partially escaped sequence thus losing the safety and composability that %q is intended to provide. Repeat-By: $ printf 'echo %.2q%q\n' "a'b" ';ls' echo a\\;ls The semi-colon is no longer escaped, the expectation of the %q formatter is lost Fix: If it the escape sequence that is to be limited in size, then it should avoid emitting a partial sequence If the product of the sequence is to be limited in size, then the truncating size quantifer should apply to the input, so that it will emit output which will produce a value of the specified length
