Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This macro expansion in lex.c may assign -1 to n if EOF is reached: 1178: fcgetc(n); As a result, n may be -1 when this code is reached: 1190: if(sh_isoption(SH_BRACEEXPAND) && c==LBRACE && !assignment && state[n]!=S_BREAK 'state[n]' is a buffer overflow if n==-1. src/cmd/ksh93/sh/lex.c: sh_lex(): case S_BRACE: - Apart from the buffer overflow, if n<=0, none of the code following fcget(n) does anything until 'break' on line 1199 is reached. So, if fcget(n) yields <=0, just break. This allows some code simplification. Progresses: #518
- Loading branch information