Fri, Sep 30, 2022, 19:50 Koichi Murase <myoga.mur...@gmail.com>:
> Fri, Sep 30, 2022, 19:37 Emanuele Torre <torreemanue...@gmail.com>:
> > In bash-5.2, using the ${parameter@Q} parameter expansion with an unset
> > parameter, in an array subscript, in an arithmetic context, causes a
> > segmentation fault.
>
> It seems even ((y[$a])) in arithmetic contexts causes a segfault:

I attach a patch [0001-subst-handle-null-substring.patch].

This is caused in the following way: In `expand_array_subscript'
(subst.c), NULL is returned by `expand_subscript_string' and is passed
to `sh_backslash_quote', but `sh_backslash_quote' assumes a non-NULL
pointer to a string as the first argument.

FYI, this is the backtrace in my system:

(gdb) bt
#0 0x00007ffff7d5b7fd in __strlen_avx2 () from /lib64/libc.so.6
#1 0x00000000004cff6e in sh_backslash_quote ()
#2 0x000000000047837c in expand_word_internal ()
#3 0x000000000047ddba in expand_arith_string ()
#4 0x000000000043fd06 in execute_command_internal ()
#5 0x00000000004ae8c1 in parse_and_execute ()
#6 0x000000000042417a in run_one_command.isra ()
#7 0x0000000000422bda in main ()

--
Koichi

From a440a1443c0d5ca53e5d5373d638cc452982d9c4 Mon Sep 17 00:00:00 2001 From: Koichi Murase <myoga.mur...@gmail.com> Date: Fri, 30 Sep 2022 20:07:25 +0900 Subject: [PATCH 1/2] subst: properly handle null substring --- subst.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subst.c b/subst.c index 89e40688..d7136b56 100644 --- a/subst.c +++ b/subst.c @@ -10862,7 +10862,7 @@ expand_array_subscript (string, sindex, quoted, flags) exp = substring (string, si+1, ni); t = expand_subscript_string (exp, quoted & ~(Q_ARITH|Q_DOUBLE_QUOTES)); free (exp); - exp = sh_backslash_quote (t, abstab, 0); + exp = sh_backslash_quote (t == NULL ? "" : t, abstab, 0); free (t); slen = STRLEN (exp); -- 2.37.2
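
Review bot: the t == NULL ? "" : t guard at the sh_backslash_quote call in expand_array_subscript has no comment saying when expand_subscript_string returns NULL, and it leaves sh_backslash_quote itself still assuming a non-NULL first argument. Suggest a short comment at this call explaining the NULL return, and consider whether the check belongs inside sh_backslash_quote so that other callers get the same protection. The free (t) that follows is fine as it stands, since free accepts NULL. A regression test for the ((y[$a])) case reported in the thread would keep this path covered.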