                             BASH PATCH REPORT
                             =================

Bash-Release:   5.3
Patch-ID:       bash53-015

Bug-Reported-by:        Duncan Roe <[email protected]>
                        Grisha Levit <[email protected]>
Bug-Reference-ID:
Bug-Reference-URL:      https://lists.gnu.org/archive/html/bug-bash/2025-09/msg00162.html
                        https://lists.gnu.org/archive/html/bug-bash/2025-10/msg00013.html

Bug-Description:

There are circumstances under which index -1 is used to reference into
the input buffer used by the `read' builtin.

Patch (apply with `patch -p0'):

*** ../bash-5.3-patched/builtins/read.def       Wed Jun 25 15:50:18 2025
--- builtins/read.def   Thu Nov  6 16:51:14 2025
***************
*** 539,543 ****
             protects, then restore input_string so we can use it later */
          orig_input_string = 0;
!         input_string[i] = '\0';       /* make sure it's terminated */
          if (i == 0)
            {
--- 568,573 ----
             protects, then restore input_string so we can use it later */
          orig_input_string = 0;
!         if (i >= 0)
!           input_string[i] = '\0';     /* make sure it's terminated */
          if (i == 0)
            {
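
Review bot: The new `if (i >= 0)` guard in front of `input_string[i] = '\0'` avoids the store at index -1, but when `i` is negative the buffer is now left without the terminator that the adjacent comment ("make sure it's terminated") promises, and the following `if (i == 0)` test does not cover that case. The other read.def hunks stop `i` from receiving the tty setup return value; if that was the only way `i` could go negative, a one-line comment on the guard saying so would make it clear the check is defensive. If other paths can still leave `i` negative, that case deserves explicit handling here rather than a silently skipped store.
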
***************
*** 593,598 ****
  
          ttset = ttattrs;        
!         i = silent ? ttfd_cbreak (fd, &ttset) : ttfd_onechar (fd, &ttset);
!         if (i < 0)
            sh_ttyerror (1);
          tty_modified = 1;
--- 623,627 ----
  
          ttset = ttattrs;        
!         if ((silent ? ttfd_cbreak (fd, &ttset) : ttfd_onechar (fd, &ttset)) < 
0)
            sh_ttyerror (1);
          tty_modified = 1;
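
Review bot: In the `ttfd_cbreak` / `ttfd_onechar` branch, folding the ternary into the comparison `(silent ? ... : ...) < 0` keeps `i` untouched but makes the condition long and easy to misread. A dedicated local for the status (not `i`) would keep the two-statement shape of the old code while still leaving the buffer index alone. A brief comment that `i` must not be reused for return values here would help prevent the same reuse from creeping back in.
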
***************
*** 610,615 ****
  
        ttset = ttattrs;
!       i = ttfd_noecho (fd, &ttset);                   /* ttnoecho (); */
!       if (i < 0)
        sh_ttyerror (1);
  
--- 639,643 ----
  
        ttset = ttattrs;
!       if (ttfd_noecho (fd, &ttset) < 0)
        sh_ttyerror (1);
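
Review bot: At the `ttfd_noecho` call, the fix is consistent with the previous hunk, but nothing visible documents why the assignment to `i` was dropped, and the old trailing `/* ttnoecho (); */` comment is removed along with it. The visible lines also do not show whether `sh_ttyerror (1)` returns to the caller; if it does, the error path is where `i` previously kept a negative value, and a comment stating that would tie this hunk to the guard added at the termination site. A regression test that exercises `read` with a failing tty setup would be worth adding alongside the patch.
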


*** ../bash-5.3/patchlevel.h    2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h        2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 14
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 15
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    [email protected]    http://tiswww.cwru.edu/~chet/
