buildroot

                 BASH PATCH REPORT

                 =================

​

Bash-Release:   4.2

Patch-ID:   bash42-030

​

Bug-Reported-by:    Roman Rakus <rrakus@redhat.com>

Bug-Reference-ID:   <4D7DD91E.7040808@redhat.com>

Bug-Reference-URL:  http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00126.html

​

Bug-Description:

​

When attempting to glob strings in a multibyte locale, and those strings

contain invalid multibyte characters that cause mbsnrtowcs to return 0,

the globbing code loops infinitely.

​

Patch (apply with `patch -p0'):

​

*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c   2010-05-30 18:36:27.000000000 -0400

--- ./lib/glob/xmbsrtowcs.c 2011-03-22 16:06:47.000000000 -0400

***************

*** 36,39 ****

--- 36,41 ----

  #if HANDLE_MULTIBYTE

+ #define WSBUF_INC 32

+ 

  #ifndef FREE

  #  define FREE(x) do { if (x) free (x); } while (0)

***************

*** 149,153 ****

    size_t wcnum;       /* Number of wide characters in WSBUF */

    mbstate_t state;    /* Conversion State */

!   size_t wcslength;   /* Number of wide characters produced by the conversion. */

    const char *end_or_backslash;

    size_t nms; /* Number of multibyte characters to convert at one time. */

--- 151,155 ----

    size_t wcnum;       /* Number of wide characters in WSBUF */

    mbstate_t state;    /* Conversion State */

!   size_t n, wcslength;    /* Number of wide characters produced by the conversion. */

    const char *end_or_backslash;

    size_t nms; /* Number of multibyte characters to convert at one time. */

***************

*** 172,176 ****

        tmp_p = p;

        tmp_state = state;

!       wcslength = mbsnrtowcs(NULL, &tmp_p, nms, 0, &tmp_state);

        /* Conversion failed. */

--- 174,189 ----

        tmp_p = p;

        tmp_state = state;

! 

!       if (nms == 0 && *p == '\\') /* special initial case */

!   nms = wcslength = 1;

!       else

!   wcslength = mbsnrtowcs (NULL, &tmp_p, nms, 0, &tmp_state);

! 

!       if (wcslength == 0)

!   {

!     tmp_p = p;        /* will need below */

!     tmp_state = state;

!     wcslength = 1;    /* take a single byte */

!   }

        /* Conversion failed. */

***************

*** 187,191 ****

      wchar_t *wstmp;

!     wsbuf_size = wcnum+wcslength+1;   /* 1 for the L'\0' or the potential L'\\' */

      wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));

--- 200,205 ----

      wchar_t *wstmp;

!     while (wsbuf_size < wcnum+wcslength+1) /* 1 for the L'\0' or the potential L'\\' */

!       wsbuf_size += WSBUF_INC;

      wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));

***************

*** 200,207 ****

        /* Perform the conversion. This is assumed to return 'wcslength'.

!        * It may set 'p' to NULL. */

!       mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);

!       wcnum += wcslength;

        if (mbsinit (&state) && (p != NULL) && (*p == '\\'))

--- 214,229 ----