Consider the following script:
#!/bin/bash
f() {
ls missing-file 2> /dev/null
echo "test"
}
# 1
(set -e; f); ret=$?
if (( ret )); then
echo "failed"
exit 1
fi
# 2
(set -e; f) || {
echo "failed"
exit 1
}
Running the block labelled '1' prints "fail
A use-after-free happens in expand_string_dollar_quote if
noexpand_translation is enabled and a string's translation is the same
length as the string itself.
---
diff --git a/subst.c b/subst.c
index 08d9285e..a7a386d4 100644
--- a/subst.c
+++ b/subst.c
@@ -4231,12 +4231,17 @@ expand_string_dollar_q
