#include <unistd.h>
#define CMD "/usr/bin/printf"
int
main(void)
{
execle(CMD, CMD, "\\", NULL, (char *[]){"BROKEN", NULL});
}
On Sat, Apr 2, 2011 at 4:48 AM, Andres Perera <[email protected]> wrote:
>
> print_escape returns 1 even if it's on null, and the rest of the
> prog just ignores null literals
>
> $ env -i sh -c '/usr/bin/printf \\'
> printf: unknown escape sequence `\'
> PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
just to be absolutely clear, printf(1) is the one overstepping into
environ[] because of how it badly handles escapes, not the shell
#include <unistd.h>
#define CMD "/usr/bin/printf"
int
main(void)
{
execle(CMD, CMD, "\\", NULL, (char *[]){"BROKEN"});
}
here's the plain bug:
$ (./a.out; echo) | vis -l
printf: unknown escape sequence `\'
\^@BROKEN\$
>
> diff -u -r1.17 printf.c
> --- printf.c B B 27 Oct 2009 23:59:41 -0000 B B B 1.17
> +++ printf.c B B 2 Apr 2011 18:44:36 -0000
> @@ -351,6 +351,11 @@
> B B B B B B B B putchar('\v');
> B B B B B B B B break;
>
> + B B B case '\0':
> + B B B B B B B warnx("null escape sequence");
> + B B B B B B B rval = 1;
> + B B B B B B B return 0;
> +
> B B B B default:
> B B B B B B B B putchar(*str);
> B B B B B B B B warnx("unknown escape sequence `\\%c'", *str);
