Package: coreutils Version: 8.32-4 Severity: normal File: /usr/bin/printf Dear Maintainer,
Consider the following invocation:
/bin/printf "%q" $'\001'\'$'\001'
(i.e. 1st=dollar+letter q, 2nd=byte 1+apostrophe+byte 1)
What do you expect the output to be? I'd expect something like
$'\001'\'$'\001'
or, in the, rather verbose, printf format,
''$'\001'\'''$'\001'
Okay, now what does the invocation output?
'\001'\'''$'\001'
Uh-oh! And what fill feeding that into an Almquist shell give?
$ echo -n '\001'\'''$'\001' | hexdump -C
00000000 5c 30 30 31 27 01 |\001'.|
00000006
Sheesh!
As far as I can tell, a sequence of any string that needs escaping,
followed by an apostrophe, followed by another string that needs
escaping will trigger this, and the example above is the minimal case.
наб
-- System Information:
Debian Release: 11.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386
Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages coreutils depends on:
ii libacl1 2.2.53-10
ii libattr1 1:2.4.48-6
ii libc6 2.31-13
ii libgmp10 2:6.2.1+dfsg-1
ii libselinux1 3.1-3
coreutils recommends no packages.
coreutils suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature
