(With apologies to the poster as I accidentally commented off-list ...)
On 22/12/2020 07:42, ffvh gfff wrote:
> Machine: x86_64
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -g -O2 -fstack-protector-strong -Wformat
> -Werror=format-security -Wall
> uname output: Linux kali 5.7.0-kali1-amd64 #1 SMP Debian 5.7.6-1kali2
> (2020-07-01) x86_64 GNU/Linux
> Machine Type: x86_64-pc-linux-gnu
>
> Bash Version: 5.1
> Patch Level: 0
> Release Status: release
>
> command line:
> cat poc.txt | while read i; do echo $i;done
You didn't quote the expansion of $i. Therefore, the results of the
expansion are subject to word splitting, with each resulting word being
subject to pathname expansion. See
https://github.com/koalaman/shellcheck/wiki/SC2086.
>
> and
>
> for i in $(cat ~/poc.txt);do echo $i;done
>
> poc.txt have "*" ,then above loops will read all ~/ filename.
> Also i submit report through 'bashbug' , here is for the working POC.
As before, only this time the results of your command substitution are
also subject to word splitting and pathname expansion. See
https://mywiki.wooledge.org/BashPitfalls#pf1.
Neither case demonstrates a bug.
--
Kerin Millar
