BASH PATCH REPORT ================= Bash-Release: 5.2 Patch-ID: bash52-021 Bug-Reported-by: Norbert Lange Bug-Reference-ID: Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-12/msg00046.html Bug-Description: There is an off-by-one error that causes command substitutions to fail when they appear in a word expansion inside a here-document. Patch (apply with `patch -p0'): *** ../bash-5.2-patched/subst.c 2022-12-13 12:08:58.000000000 -0500 --- subst.c 2022-12-14 09:09:53.000000000 -0500 *************** *** 1694,1698 **** CHECK_STRING_OVERRUN (i, si, slen, c); ! tlen = si - i - 1; RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64); result[result_index++] = c; --- 1699,1703 ---- CHECK_STRING_OVERRUN (i, si, slen, c); ! tlen = si - i - 2; RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64); result[result_index++] = c; *************** *** 1714,1718 **** CHECK_STRING_OVERRUN (i, si, slen, c); ! tlen = si - i - 1; RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64); result[result_index++] = c; --- 1719,1723 ---- CHECK_STRING_OVERRUN (i, si, slen, c); ! tlen = si - i - 2; RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64); result[result_index++] = c; *** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 --- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 20 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 21 #endif /* _PATCHLEVEL_H_ */