In builtins/mapfile.def there's this line:
snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
If the callback is empty, bash runs ''
This smells a lot like code injection.
$ echo 'echo hello from $0' > ~/bin/0
$ chmod +x ~/bin/0
$ cp ~/bin/{0,1}
$ echo -e 'x\ny' | mapfile -c1 -C
Ignore the patch, it's stupid.
Maybe check if the callback is a function?
---
xoxo iza
On 5/6/15 11:16 PM, isabella parakiss wrote:
> Sorry, the previous patch was wrong, it enters an endless loop when
> replacing all the occurrencies in ${var//pat/rep}
Thanks for the patch, this looks right. I had to make a couple of changes
to match_pattern_{char,wchar}, since your change allows
On 5/8/15 3:50 AM, Harri Porten wrote:
> Hi!
>
> I don't know whether Bash developers are using code coverage analysis for
> their QA efforts. If not, you might be interested in taking a look at the
> report we created using our company's tool:
>
> http://www.opencoverage.net/bash/index_html/sou
On 5/10/15 5:57 AM, isabella parakiss wrote:
> In builtins/mapfile.def there's this line:
> snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
>
> If the callback is empty, bash runs ''
> This smells a lot like code injection.
It might smell like that, but it looks more like some
On 5/10/15 6:52 AM, isabella parakiss wrote:
> Maybe check if the callback is a function?
The callback doesn't have to be a function. Some things might be easier
if it is, but there's no requirement.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa,
