From 2190a70e6324494accf7747d2aa9f5e8702d875c Mon Sep 17 00:00:00 2001
From: Michal Zalewski
Date: Fri, 10 Oct 2014 11:13:43 +0100
Subject: bugfix: invalid memory access

This is an upstream bugfix:
Patch-ID: bash42-052
When bash is parsing a function definition that contains a here-document delimited by end-of-file (or end-of-string), it leaves the closing delimiter uninitialized. This can result in an invalid memory access when the parsed function is later copied.
Change-Id: I033a2062a3e8265ceda3ed4a61d2afb53581f71f
---
 copy_cmd.c | 2 +-
 make_cmd.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/copy_cmd.c b/copy_cmd.c
index 911d34f..826e0c3 100644
--- a/copy_cmd.c
+++ b/copy_cmd.c
@@ -126,7 +126,7 @@ copy_redirect (redirect)
 {
 case r_reading_until:
 case r_deblank_reading_until:
- new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+ new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
 /*FALLTHROUGH*/
 case r_reading_string:
 case r_appending_to:
diff --git a/make_cmd.c b/make_cmd.c
index 2eb4fda..4fcfc2e 100644
--- a/make_cmd.c
+++ b/make_cmd.c
@@ -689,6 +689,7 @@ make_redirection (source, instruction, dest_and_filename, flags)
 /* First do the common cases. */
 temp->redirector = source;
 temp->redirectee = dest_and_filename;
+ temp->here_doc_eof = 0;
 temp->instruction = instruction;
 temp->flags = 0;
 temp->rflags = flags;
-- 
cgit v1.1
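Review bot: The NULL guard added in copy_redirect protects only the copy path, while this commit makes a null `here_doc_eof` a legitimate state for `r_reading_until` and `r_deblank_reading_until` redirects. Any other code that reads that field as a string (none is visible in this diff) should be checked for the same assumption, since an unguarded use there would now dereference NULL instead of an uninitialized pointer. I would also write the else-branch as a pointer, `: (char *)NULL`, rather than a bare `0`, and put a comment above the assignment such as `/* here_doc_eof is NULL when the here-document ended at EOF or end-of-string */`. The switch statement and the rest of copy_redirect lie outside the hunk.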
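Review bot: The added `temp->here_doc_eof = 0;` in make_redirection establishes the invariant that the new guard in copy_redirect depends on, but nothing on the line records that dependency. A comment such as `/* stays NULL unless a here-document delimiter is recorded later; copy_redirect tests for this */` would keep a later cleanup from dropping the assignment. The allocation of `temp` is outside the hunk; if it does not zero the structure, as the commit message's "uninitialized" suggests, every pointer member later added to the struct needs the same explicit initialisation here.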