From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-return-60899-listarch-libc-alpha=sources.redhat.com@sourceware.org>
Received: (qmail 115637 invoked by alias); 12 Jul 2015 07:49:27 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Received: (qmail 115622 invoked by uid 89); 12 Jul 2015 07:49:26 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,SPF_NEUTRAL autolearn=no version=3.3.2
X-HELO: popelka.ms.mff.cuni.cz
Date: Sun, 12 Jul 2015 07:49:00 -0000
From: =?utf-8?B?T25kxZllaiBCw61sa2E=?= <neleai@seznam.cz>
To: libc-alpha@sourceware.org
Subject: [PATCH][BZ #18096] Handle null dereferences in wordexp
Message-ID: <20150712074917.GA6245@domone>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SW-Source: 2015-07/txt/msg00370.txt.bz2

Hi,

Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
libc-alpha.

These look good for me. Carlos, could you commit it?


diff --git a/posix/wordexp.c b/posix/wordexp.c
index e711d43..d3f3764 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      ++(*offset);
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
@@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      long int numresult = 0;
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
@@ -1843,11 +1843,11 @@ envsubst:
 	  if (!colon_seen && value)
 	    /* Substitute NULL */
 	    ;
-	  else
+	  else if (flags & WRDE_SHOWERR)
 	    {
 	      const char *str = pattern;
 
-	      if (str[0] == '\0')
+	      if (str && str[0] == '\0')
 		str = _("parameter null or not set");
 
 	      __fxprintf (NULL, "%s: %s\n", env, str);