commit bash-20140425 snapshot

CWRU/CWRU.chlog

@@ -6149,3 +6149,47 @@ builtins/hash.def
 	- print_portable_hash_info: single-quote pathnames and hashed filenames
 	  that contain shell metacharacters.  Fixes bug reported by
 	  <g1pi@libero.it> in debian bash bug #739853
+
+				   4/23
+				   ----
+{bashhist,bashline}.c
+builtins{bind,help,type}.def
+lib/glob/glob.c, lib/intl/{loadmsgcat,localealias}.c,lib/sh/mktime.c
+	- fixes to memory leaks uncovered by coverity scan
+
+				   4/24
+				   ----
+{bashhist,subst,redir,assoc,jobs,array,trap}.c
+lib/intl/l10flist.c
+builtins/complete.def
+	- fixes to memory leaks and other resource usage problems uncovered by
+	  coverity scan
+
+redir.c
+	- do_redirection_internal: if dup2 fails (presumably because of a
+	  resource limit), close the file descriptor we opened before returning
+	  error
+
+				   4/25
+				   ----
+config-top.h
+	- DEFAULT_BASHRC: new define with the name of the default shell
+	  startup file
+
+bashline.c
+	- bash_directory_completion_matches: don't dequote the directory name.
+	  If rl_completion_found_quote is non-zero, readline will dequote the
+	  filename itself.  Fixes bug reported by Clark Wang
+	  <dearvoid@gmail.com>
+
+				   4/27
+				   ----
+subst.c
+	- parameter_brace_expand_indir: if parameter_brace_find_indir returns
+	  NULL or "", report an error and return &expand_param_error so the
+	  error can propagate up
+	- parameter_brace_expand_rhs: if parameter_brace_find_indir returns
+	  NULL or "", or if it returns something that is not a valid identifier,
+	  report an error and return &expand_wdesc_error so the error can
+	  propagate up.  Fixes bug reported by Andre Holzhey
+	  <andre.holzhey@gmx.de>

CWRU/CWRU.chlog~

@@ -6144,3 +6144,40 @@ subst.c
 	  arguments separated by spaces and don't do word splitting.  Fixes
 	  bug reported by Greg Wooledge <wooledg@eeg.ccf.org> from an IRC
 	  discussion
+
+builtins/hash.def
+	- print_portable_hash_info: single-quote pathnames and hashed filenames
+	  that contain shell metacharacters.  Fixes bug reported by
+	  <g1pi@libero.it> in debian bash bug #739853
+
+				   4/23
+				   ----
+{bashhist,bashline}.c
+builtins{bind,help,type}.def
+lib/glob/glob.c, lib/intl/{loadmsgcat,localealias}.c,lib/sh/mktime.c
+	- fixes to memory leaks uncovered by coverity scan
+
+				   4/24
+				   ----
+{bashhist,subst,redir,assoc,jobs,array,trap}.c
+lib/intl/l10flist.c
+builtins/complete.def
+	- fixes to memory leaks and other resource usage problems uncovered by
+	  coverity scan
+
+redir.c
+	- do_redirection_internal: if dup2 fails (presumably because of a
+	  resource limit), close the file descriptor we opened before returning
+	  error
+
+				   4/25
+				   ----
+config-top.h
+	- DEFAULT_BASHRC: new define with the name of the default shell
+	  startup file
+
+bashline.c
+	- bash_directory_completion_matches: don't dequote the directory name.
+	  If rl_completion_found_quote is non-zero, readline will dequote the
+	  filename itself.  Fixes bug reported by Clark Wang
+	  <dearvoid@gmail.com>

array.c

@@ -834,7 +834,7 @@ int	quoted;
 						rsize, rsize);
 			strcpy(result + rlen, t);
 			rlen += reg;
-			if (quoted && t)
+			if (quoted)
 				free(t);
 			/*
 			 * Add a separator only after non-null elements.

assoc.c

@@ -277,7 +277,10 @@ int starsub, quoted;
   for (i = 1; l && i < start; i++)
     l = l->next;
   if (l == 0)
-    return ((char *)NULL);
+    {
+      dispose_words (save);
+      return ((char *)NULL);
+    }
   for (j = 0,h = t = l; l && j < nelem; j++)
     {
       t = l;

bashline.c

@@ -4208,9 +4208,16 @@ bash_directory_completion_matches (text)
   int qc;
 
   qc = rl_dispatching ? rl_completion_quote_character : 0;  
-  dfn = bash_dequote_filename ((char *)text, qc);
+  /* If rl_completion_found_quote != 0, rl_completion_matches will call the
+     filename dequoting function, causing the directory name to be dequoted
+     twice. */
+  if (rl_dispatching && rl_completion_found_quote == 0)
+    dfn = bash_dequote_filename ((char *)text, qc);
+  else
+    dfn = (char *)text;
   m1 = rl_completion_matches (dfn, rl_filename_completion_function);
-  free (dfn);
+  if (dfn != text)
+    free (dfn);
 
   if (m1 == 0 || m1[0] == 0)
     return m1;

builtins/complete.def

@@ -867,5 +867,8 @@ compopt_builtin (list)
       pcomp_set_compspec_options (cs, opts_off, 0);
     }
 
+  if (wl)
+    dispose_words (wl);
+
   return (ret);
 }

config-top.h

@@ -79,6 +79,9 @@
    reply to the select query is an empty line. */
 #define KSH_COMPATIBLE_SELECT
 
+/* Default interactive shell startup file. */
+#define DEFAULT_BASHRC "~/.bashrc"
+
 /* System-wide .bashrc file for interactive shells. */
 /* #define SYS_BASHRC "/etc/bash.bashrc" */
 

jobs.c

@@ -3818,7 +3818,8 @@ initialize_job_control (force)
 	{
 	  shell_pgrp = getpid ();
 	  setpgid (0, shell_pgrp);
-	  tcsetpgrp (shell_tty, shell_pgrp);
+	  if (shell_tty != -1)
+	    tcsetpgrp (shell_tty, shell_pgrp);
 	}
 
       while ((terminal_pgrp = tcgetpgrp (shell_tty)) != -1)

lib/intl/l10nflist.c

@@ -332,7 +332,10 @@ _nl_make_l10nflist (l10nfile_list, dirlist, dirlist_len, mask, language,
 	    + (((dirlist_count << pop (mask)) + (dirlist_count > 1 ? 1 : 0))
 	       * sizeof (struct loaded_l10nfile *)));
   if (retval == NULL)
-    return NULL;
+    {
+      free (abs_filename);
+      return NULL;
+    }
 
   retval->filename = abs_filename;
 

patchlevel.h

@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 
-#define PATCHLEVEL 0
+#define PATCHLEVEL 11
 
 #endif /* _PATCHLEVEL_H_ */

redir.c

@@ -410,8 +410,11 @@ write_here_document (fd, redirectee)
 	 may need to be reconsidered later. */
       if ((fd2 = dup (fd)) < 0 || (fp = fdopen (fd2, "w")) == NULL)
 	{
+	  old = errno;
 	  if (fd2 >= 0)
 	    close (fd2);
+	  dispose_words (tlist);
+	  errno = old;
 	  return (errno);
 	}
       errno = 0;
@@ -902,7 +905,10 @@ do_redirection_internal (redirect, flags)
 		}
 	    }
 	  else if ((fd != redirector) && (dup2 (fd, redirector) < 0))
-	    return (errno);
+	    {
+	      close (fd);	/* dup2 failed? must be fd limit issue */
+	      return (errno);
+	    }
 
 #if defined (BUFFERED_INPUT)
 	  /* Do not change the buffered stream for an implicit redirection

shell.c

@@ -191,7 +191,7 @@ int have_devfd = 0;
 #endif
 
 /* The name of the .(shell)rc file. */
-static char *bashrc_file = "~/.bashrc";
+static char *bashrc_file = DEFAULT_BASHRC;
 
 /* Non-zero means to act more like the Bourne shell on startup. */
 static int act_like_sh;
@@ -1801,7 +1801,7 @@ shell_reinitialize ()
 
   /* Ensure that the default startup file is used.  (Except that we don't
      execute this file for reinitialized shells). */
-  bashrc_file = "~/.bashrc";
+  bashrc_file = DEFAULT_BASHRC;
 
   /* Delete all variables and functions.  They will be reinitialized when
      the environment is parsed. */

subst.c

@@ -3024,7 +3024,10 @@ pos_params (string, start, end, quoted)
   for (i = start ? 1 : 0; params && i < start; i++)
     params = params->next;
   if (params == 0)
-    return ((char *)NULL);
+    {
+      dispose_words (save);
+      return ((char *)NULL);
+    }
   for (h = t = params; params && i < end; i++)
     {
       t = params;
@@ -5915,6 +5918,14 @@ parameter_brace_expand_indir (name, var_is_special, quoted, quoted_dollar_atp, c
     }
 
   t = parameter_brace_find_indir (name, var_is_special, quoted, 0);
+  if (t == 0 || *t == 0)
+    {
+      report_error (_("%s: invalid indirect expansion"), name);
+      w = alloc_word_desc ();
+      w->word = &expand_param_error;
+      w->flags = 0;
+      return w;
+    }
 
   chk_atstar (t, quoted, quoted_dollar_atp, contains_dollar_at);
   if (t == 0)
@@ -5937,7 +5948,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, qdollaratp, hasdollarat)
 {
   WORD_DESC *w;
   WORD_LIST *l;
-  char *t, *t1, *temp;
+  char *t, *t1, *temp, *vname;
   int hasdol;
 
   /* If the entire expression is between double quotes, we want to treat
@@ -6008,16 +6019,42 @@ parameter_brace_expand_rhs (name, value, c, quoted, qdollaratp, hasdollarat)
   t = temp ? savestring (temp) : savestring ("");
   t1 = dequote_string (t);
   free (t);
+
+  /* bash-4.4/5.0 */
+  vname = name;
+  if (*name == '!' &&
+      (legal_variable_starter ((unsigned char)name[1]) || DIGIT (name[1]) || VALID_INDIR_PARAM (name[1])))
+    {
+      vname = parameter_brace_find_indir (name + 1, SPECIAL_VAR (name, 1), quoted, 1);
+      if (vname == 0 || *vname == 0)
+	{
+	  report_error (_("%s: invalid indirect expansion"), name);
+	  free (vname);
+	  dispose_word (w);
+	  return &expand_wdesc_error;
+	}
+      if (legal_identifier (vname) == 0)
+	{
+	  report_error (_("%s: invalid variable name"), vname);
+	  free (vname);
+	  dispose_word (w);
+	  return &expand_wdesc_error;
+	}
+    }
+    
 #if defined (ARRAY_VARS)
-  if (valid_array_reference (name))
-    assign_array_element (name, t1, 0);
+  if (valid_array_reference (vname))
+    assign_array_element (vname, t1, 0);
   else
 #endif /* ARRAY_VARS */
-  bind_variable (name, t1, 0);
+  bind_variable (vname, t1, 0);
 #if 0
-  if (STREQ (name, "IFS") == 0)
+  if (STREQ (vname, "IFS") == 0)
 #endif
-    stupidly_hack_special_variables (name);
+    stupidly_hack_special_variables (vname);
+
+  if (vname != name)
+    free (vname);
 
   /* From Posix group discussion Feb-March 2010.  Issue 7 0000221 */
   free (temp);
@@ -6381,6 +6418,7 @@ get_var_and_type (varname, value, ind, quoted, flags, varp, valp)
 					|| VALID_INDIR_PARAM (varname[1]));
   if (want_indir)
     vname = parameter_brace_find_indir (varname+1, SPECIAL_VAR (varname, 1), quoted, 1);
+    /* XXX - what if vname == 0 || *vname == 0 ? */
   else
     vname = varname;
     

subst.c~

@@ -3024,7 +3024,10 @@ pos_params (string, start, end, quoted)
   for (i = start ? 1 : 0; params && i < start; i++)
     params = params->next;
   if (params == 0)
-    return ((char *)NULL);
+    {
+      dispose_words (save);
+      return ((char *)NULL);
+    }
   for (h = t = params; params && i < end; i++)
     {
       t = params;
@@ -5736,7 +5739,7 @@ parameter_brace_expand_word (name, var_is_special, quoted, pflags, indp)
   char *temp, *tt;
   intmax_t arg_index;
   SHELL_VAR *var;
-  int atype, rflags, contains_dollar_at, quoted_dollar_at;
+  int atype, rflags;
   arrayind_t ind;
 
   ret = 0;
@@ -5765,8 +5768,8 @@ parameter_brace_expand_word (name, var_is_special, quoted, pflags, indp)
       tt[sindex = 0] = '$';
       strcpy (tt + 1, name);
 
-      ret = param_expand (tt, &sindex, quoted, (int *)NULL, &contains_dollar_at,
-			  &quoted_dollar_at, (int *)NULL, pflags);
+      ret = param_expand (tt, &sindex, quoted, (int *)NULL, (int *)NULL,
+			  (int *)NULL, (int *)NULL, pflags);
       free (tt);
     }
 #if defined (ARRAY_VARS)
@@ -5915,6 +5918,14 @@ parameter_brace_expand_indir (name, var_is_special, quoted, quoted_dollar_atp, c
     }
 
   t = parameter_brace_find_indir (name, var_is_special, quoted, 0);
+  if (t == 0 || *t == 0)
+    {
+      report_error (_("%s: invalid indirect expansion"), name);
+      w = alloc_word_desc ();
+      w->word = &expand_param_error;
+      w->flags = 0;
+      return w;
+    }
 
   chk_atstar (t, quoted, quoted_dollar_atp, contains_dollar_at);
   if (t == 0)
@@ -5937,7 +5948,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, qdollaratp, hasdollarat)
 {
   WORD_DESC *w;
   WORD_LIST *l;
-  char *t, *t1, *temp;
+  char *t, *t1, *temp, *vname;
   int hasdol;
 
   /* If the entire expression is between double quotes, we want to treat
@@ -6008,16 +6019,42 @@ parameter_brace_expand_rhs (name, value, c, quoted, qdollaratp, hasdollarat)
   t = temp ? savestring (temp) : savestring ("");
   t1 = dequote_string (t);
   free (t);
+
+  /* bash-4.4/5.0 */
+  vname = name;
+  if (*name == '!' &&
+      (legal_variable_starter ((unsigned char)name[1]) || DIGIT (name[1]) || VALID_INDIR_PARAM (name[1])))
+    {
+      vname = parameter_brace_find_indir (name + 1, SPECIAL_VAR (name, 1), quoted, 1);
+      if (vname == 0 || *vname == 0)
+	{
+	  report_error (_("%s: invalid indirect expansion"), name);
+	  free (vname);
+	  dispose_word (w);
+	  return &expand_wdesc_error;
+	}
+      if (legal_identifier (vname) == 0)
+	{
+	  report_error (_("%s: invalid variable name"), vname);
+	  free (vname);
+	  dispose_word (w);
+	  return &expand_wdesc_error;
+	}
+    }
+    
 #if defined (ARRAY_VARS)
-  if (valid_array_reference (name))
-    assign_array_element (name, t1, 0);
+  if (valid_array_reference (vname))
+    assign_array_element (vname, t1, 0);
   else
 #endif /* ARRAY_VARS */
-  bind_variable (name, t1, 0);
+  bind_variable (vname, t1, 0);
 #if 0
-  if (STREQ (name, "IFS") == 0)
+  if (STREQ (vname, "IFS") == 0)
 #endif
-    stupidly_hack_special_variables (name);
+    stupidly_hack_special_variables (vname);
+
+  if (vname != name)
+    free (vname);
 
   /* From Posix group discussion Feb-March 2010.  Issue 7 0000221 */
   free (temp);

tests/RUN-ONE-TEST

@@ -1,4 +1,4 @@
-BUILD_DIR=/usr/local/build/bash/bash-current
+BUILD_DIR=/usr/local/build/chet/bash/bash-current
 THIS_SH=$BUILD_DIR/bash
 PATH=$PATH:$BUILD_DIR
 

trap.c

@@ -858,6 +858,8 @@ run_exit_trap ()
 	retval = trap_saved_exit_value;
 
       running_trap = 0;
+      array_dispose (ps);
+
       return retval;
     }