[PATCH] expand: Fix double-decrement in argstr

Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> · Mon, 25 Feb 2019 14:00:31 +0800

On Sat, Feb 16, 2019 at 10:26:23PM +0000, Martijn Dekker wrote:
> For unset foo:
> 
> dash-git
> $ src/dash -c 'set -- ${foo- bar }; echo "[$1]"'
> [bar ]
> 
> Release versions of dash and all other shells output:
> [bar]
> 
> The change in behaviour appears to have been introduced by commit
> 3cd5386 ("expand: Do not reprocess data when expanding words").

Thanks for catching this!

---8<---
Due to a double decrement in argstr we may miss field separators
at the end of a word in certain situations.

Reported-by: Martijn Dekker <martijn@xxxxxxxx>
Fixes: 3cd538634f71 ("expand: Do not reprocess data when...")
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

diff --git a/src/expand.c b/src/expand.c
index af9cac9..e57efa6 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -285,7 +285,7 @@ start:
 			q = stnputs(p, length, expdest);
 			q[-1] &= end - 1;
 			expdest = q - (flag & EXP_WORD ? end : 0);
-			newloc = expdest - (char *)stackblock() - end;
+			newloc = q - (char *)stackblock() - end;
 			if (breakall && !inquotes && newloc > startloc) {
 				recordregion(startloc, newloc, 0);
 			}
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt






