hush: fix 'x=; echo ${x:-"$@"}' producing 'BUG in varexp2' message

author Denys Vlasenko <vda.linux@googlemail.com>

Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)

committer Denys Vlasenko <vda.linux@googlemail.com>

Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)
author Denys Vlasenko <vda.linux@googlemail.com>
Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)
committer Denys Vlasenko <vda.linux@googlemail.com>
Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)
diff --git a/shell/hush.c b/shell/hush.c

index 534fabbd0beeffe43d899e8b200c303172b32d87..da10a09a8c5c4d995a51e339057b5c05ba8bbf25 100644 (file)
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -6529,13 +6529,20 @@ static char *expand_string_to_string(const char *str, int EXP_flags, int do_unba
         argv[0] = (char*)str;
         argv[1] = NULL;
         list = expand_variables(argv, EXP_flags | EXP_FLAG_SINGLEWORD);
-       if (HUSH_DEBUG)
-               if (!list[0] || list[1])
-                       bb_error_msg_and_die("BUG in varexp2");
-       /* actually, just move string 2*sizeof(char*) bytes back */
-       overlapping_strcpy((char*)list, list[0]);
-       if (do_unbackslash)
-               unbackslash((char*)list);
+       if (!list[0]) {
+               /* Example where it happens:
+                * x=; echo ${x:-"$@"}
+                */
+               ((char*)list)[0] = '\0';
+       } else {
+               if (HUSH_DEBUG)
+                       if (list[1])
+                               bb_error_msg_and_die("BUG in varexp2");
+               /* actually, just move string 2*sizeof(char*) bytes back */
+               overlapping_strcpy((char*)list, list[0]);
+               if (do_unbackslash)
+                       unbackslash((char*)list);
+       }
         debug_printf_expand("string_to_string=>'%s'\n", (char*)list);
         return (char*)list;
  }
author	Denys Vlasenko <vda.linux@googlemail.com>
	Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Wed, 18 Jul 2018 14:02:25 +0000 (16:02 +0200)