Hi Eric,

> On Jan 20, 2015, at 5:34 PM, Eric Blake <ebl...@redhat.com> wrote:
> 
> On 01/20/2015 10:24 AM, Gary V. Vaughan wrote:
> 
>>    * gl/build-aux/bootstrap.in, gl/build-aux/extract-trace,
>>    gl/build-aux/funclib.sh, gl/build-aux/options-parser: Sync with
>>    upstream.
> 
>> @@ -2267,11 +2267,12 @@ func_tool_version_number ()
>> {
>>     $debug_cmd
>> 
>> -    _G_verout=`func_tool_version_output "$@" |sed 1q`
>> +    _G_verout=`func_tool_version_output "$@"`
>>     _G_status=$?
>> 
>>     # A version number starts with a digit following a space on the first
>>     # line of output from `--version`.
>> +    _G_verout=`echo "$_G_verout" |sed 1q`
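Review bot: the added `echo "$_G_verout" |sed 1q` line passes captured tool output through echo, which is not safe for arbitrary text: some shells expand backslash sequences in echo's arguments, and a value that starts with `-n` or `-e` can be taken as an option. `printf '%s\n' "$_G_verout" |sed 1q` avoids both. The new line also lands directly under the "A version number starts with a digit" comment, so that comment now appears to describe the first-line extraction; placing the new assignment right after `_G_status=$?`, above the comment, would keep the comment next to whatever it documents.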
> 
> How probable is it that $_G_verout will ever be output captured from
> some tool that includes \ in its output?  If so, you'd want to use
> printf to make sure you don't run foul of a shell where \ is
> interpolated by echo.

Excepting deliberately malicious output, I would say the chances are
vanishingly small... but your suggestion is a good one all the same :-)

Applied upstream, and coming to a Libtool near you soon!

Cheers,
-- 
Gary V. Vaughan (gary AT gnu DOT org)

_______________________________________________
https://lists.gnu.org/mailman/listinfo/libtool
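
Added example (not part of the original message or of Libtool's funclib.sh): a POSIX shell sketch of the two points in this thread, namely that `$?` taken after a pipeline reports sed's status rather than the tool's, and that printf hands captured output to sed unchanged where echo may not. The names `fake_tool_version`, `first_line_with_status` and `piped_status` are hypothetical, and the tool output is constructed.

```shell
# Constructed stand-in for a tool's --version output: the first line holds
# literal backslash sequences, and the tool exits with a failure status.
fake_tool_version ()
{
    printf '%s\n' 'fake-tool 1.2\t(build C:\new)' 'second line'
    return 3
}

# Pre-patch shape: the command substitution wraps a pipeline, so $? is the
# exit status of sed (the last command), and the tool's failure is lost.
piped_status ()
{
    _ex_out=$("$@" | sed 1q)
    echo $?
}

# Post-patch shape: capture the output on its own so the status belongs to
# the tool, then cut the first line in a second step. printf '%s\n' prints
# the value byte for byte; echo may expand \t or \n depending on the shell.
# The "|| _ex_status=$?" form keeps this usable in scripts run with set -e.
first_line_with_status ()
{
    _ex_status=0
    _ex_out=$("$@") || _ex_status=$?
    _ex_first=$(printf '%s\n' "$_ex_out" | sed 1q)
    printf '%s\n' "$_ex_status:$_ex_first"
}

# Stand-alone demonstration on the constructed tool.
piped_status fake_tool_version
first_line_with_status fake_tool_version
```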
