Hi Eric, > On Jan 20, 2015, at 5:34 PM, Eric Blake <ebl...@redhat.com> wrote: > > On 01/20/2015 10:24 AM, Gary V. Vaughan wrote: > >> * gl/build-aux/bootstrap.in, gl/build-aux/extract-trace, >> gl/build-aux/funclib.sh, gl/build-aux/options-parser: Sync with >> upstream. > >> @@ -2267,11 +2267,12 @@ func_tool_version_number () >> { >> $debug_cmd >> >> - _G_verout=`func_tool_version_output "$@" |sed 1q` >> + _G_verout=`func_tool_version_output "$@"` >> _G_status=$? >> >> # A version number starts with a digit following a space on the first >> # line of output from `--version`. >> + _G_verout=`echo "$_G_verout" |sed 1q` > > How probable is it that $_G_verout will ever be output captured from > some tool that includes \ in its output? If so, you'd want to use > printf to make sure you don't run foul of a shell where \ is > interpolated by echo.
Excepting deliberately malicious output, I would say the chances are vanishingly small... but your suggestion is a good one all the same :-) Applied upstream, and coming to a Libtool near you soon! Cheers, -- Gary V. Vaughan (gary AT gnu DOT org) _______________________________________________ https://lists.gnu.org/mailman/listinfo/libtool