BASH PATCH REPORT ================= Bash-Release: 4.4 Patch-ID: bash44-008 Bug-Reported-by: Koichi MURASE Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00050.html Bug-Description: Under certain circumstances, bash will evaluate arithmetic expressions as part of reading an expression token even when evaluation is suppressed. This happens while evaluating a conditional expression and skipping over the failed branch of the expression. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/expr.c 2015-10-11 14:46:36.000000000 -0400 --- expr.c 2016-11-08 11:55:46.000000000 -0500 *************** *** 579,585 **** if (curtok == QUES) /* found conditional expr */ { - readtok (); - if (curtok == 0 || curtok == COL) - evalerror (_("expression expected")); if (cval == 0) { --- 579,582 ---- *************** *** 588,591 **** --- 585,592 ---- } + readtok (); + if (curtok == 0 || curtok == COL) + evalerror (_("expression expected")); + val1 = EXP_HIGHEST (); *************** *** 594,600 **** if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! readtok (); ! if (curtok == 0) ! evalerror (_("expression expected")); set_noeval = 0; if (cval) --- 595,599 ---- if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! set_noeval = 0; if (cval) *************** *** 604,608 **** --- 603,611 ---- } + readtok (); + if (curtok == 0) + evalerror (_("expression expected")); val2 = expcond (); + if (set_noeval) noeval--; *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 7 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 8 #endif /* _PATCHLEVEL_H_ */