AC_AUTOCONF_VERSION quoting

Eric Blake Thu, 10 Apr 2008 13:02:28 -0700

Invoking AC_AUTOCONF_VERSION is not robust, since it is conceivable that the 
SHA1 abbreviation of an inter-release version string could match a macro name, 
which would be expanded on the re-scan and change the answer before comparing 
it against a known version string.  I'm committing this.


>From a4112fe312986e5b1053df2b00ed285182f52fdf Mon Sep 17 00:00:00 2001
From: Eric Blake <[EMAIL PROTECTED]>
Date: Thu, 10 Apr 2008 13:57:36 -0600
Subject: [PATCH] AC_AUTOCONF_VERSION might contain arbitrary macro names.

* doc/autoconf.texi (Versioning): Mention problem with expansion.
* tests/tools.at (autoconf: AC_AUTOCONF_VERSION): Adjust test.

Signed-off-by: Eric Blake <[EMAIL PROTECTED]>
---
 ChangeLog         |    6 ++++++
 doc/autoconf.texi |    9 +++++++++
 tests/tools.at    |    2 +-
 3 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 70528e5..776565c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-04-10  Eric Blake  <[EMAIL PROTECTED]>
+
+       AC_AUTOCONF_VERSION might contain arbitrary macro names.
+       * doc/autoconf.texi (Versioning): Mention problem with expansion.
+       * tests/tools.at (autoconf: AC_AUTOCONF_VERSION): Adjust test.
+
 2008-04-09  Slava Sysoltsev <[EMAIL PROTECTED]>  (tiny change)
 
        Flush buffered output before exit.
diff --git a/doc/autoconf.texi b/doc/autoconf.texi
index 49ade0f..8b10387 100644
--- a/doc/autoconf.texi
+++ b/doc/autoconf.texi
@@ -1839,6 +1839,15 @@ conditional fallbacks based on when a feature was added 
to Autoconf,
 rather than using @code{AC_PREREQ} to require the newer version of
 Autoconf.  However, remember that the Autoconf philosophy favors feature
 checks over version checks.
+
+You should never expand this macro directly, but instead use
[EMAIL PROTECTED]([AC_AUTOCONF_VERSION])}.  This is because some users might
+have a beta version of Autoconf installed, with arbitrary letters
+included in its version string.  This means it is possible for the
+version string to contain the name of a defined macro, such that
+expanding @code{AC_AUTOCONF_VERSION} would trigger the expansion of that
+macro during rescanning, and change the version string to be different
+than what you intended to check.
 @end defmac
 
 @node Notices
diff --git a/tests/tools.at b/tests/tools.at
index 7d5de53..c80923d 100644
--- a/tests/tools.at
+++ b/tests/tools.at
@@ -483,7 +483,7 @@ AT_SETUP([autoconf: AC_AUTOCONF_VERSION])
 
 AT_DATA([configure.ac],
 [[AC_INIT
-version AC_AUTOCONF_VERSION version
+version m4_defn([AC_AUTOCONF_VERSION]) version
 AC_OUTPUT
 ]])
 
-- 
1.5.5

AC_AUTOCONF_VERSION quoting

Reply via email to