On 8/13/16 10:01 PM, John E. Malmberg wrote:
> Hello,
> 
> In Bash 4.3.42:
> 
> In execute_cmd/shell_execve(), if HAVE_HASH_BANG_EXEC is defined, the macro
> READ_SAMPLE_BUF has the potential to set sample_len to -1.
> 
> #if defined (HAVE_HASH_BANG_EXEC)
>           READ_SAMPLE_BUF (command, sample, sample_len);
>           sample[sample_len - 1] = '\0';
> 
> This would cause sample[-2] to be set to 0.  Most likely it would set part
> of fd to 0, but all that depends on the compiler.

Thanks for the report.  Since this code path is taken on failure, and the
child process exits immediately afterward, it's likely not dangerous.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
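
The failure case discussed in this thread, as an added example that is not Bash's code and not part of either message: when the sample read fails and the length is -1, an unguarded `sample[sample_len - 1] = '\0'` writes before the buffer, and a length check keeps the terminator in bounds. `read_sample`, `terminate_sample`, `failure_path_demo`, `SAMPLE_MAX` and the file path are hypothetical names chosen for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SAMPLE_MAX 80   /* assumed sample size for this example */

/* Hypothetical helper: read up to cap bytes from path.
   Returns the byte count, or -1 if open() or read() fails. */
static ssize_t read_sample(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Guarded form of `sample[sample_len - 1] = '\0'`: the terminator is only
   written inside the buffer (cap must be > 0). Returns the index written. */
static size_t terminate_sample(char *buf, size_t cap, ssize_t len)
{
    size_t idx = 0;                 /* len <= 0: empty string at buf[0] */
    if (len > 0)
        idx = ((size_t)len < cap ? (size_t)len : cap) - 1;
    buf[idx] = '\0';
    return idx;
}

/* Runs the failure path on a constructed path assumed not to exist: returns
   the length read_sample reported and stores the index the guard chose. */
static ssize_t failure_path_demo(size_t *idx_out)
{
    char sample[SAMPLE_MAX];
    memset(sample, 'A', sizeof sample);
    ssize_t len = read_sample("/nonexistent/constructed-example", sample, sizeof sample);
    *idx_out = terminate_sample(sample, sizeof sample, len);
    return len;
}

int main(void)
{
    size_t idx;
    ssize_t len = failure_path_demo(&idx);
    printf("sample_len=%zd, unguarded index=%zd, guarded index=%zu\n", len, len - 1, idx);
    return 0;
}
```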
