From 349199262c7e7305b3f06d6cd088dc2d3a71bef7 Mon Sep 17 00:00:00 2001
From: zhangnaichuan <zhangnaichuan@huawei.com>
Date: Thu, 26 Oct 2023 18:52:16 +0800
Subject: [PATCH] [Backport]posix: Fix some crashes in wordexp

---
 ...Fix-some-crashes-in-wordexp-BZ-18096.patch | 86 +++++++++++++++++++
 glibc.spec                                    |  6 +-
 2 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch

diff --git a/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch b/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch
new file mode 100644
index 0000000..668a563
--- /dev/null
+++ b/backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch
@@ -0,0 +1,86 @@
+From 31bfe3ef4ea898df606cb6cc59ac72de27002b01 Mon Sep 17 00:00:00 2001
+From: Julian Squires <julian@cipht.net>
+Date: Wed, 22 Mar 2023 14:09:57 -0230
+Subject: [PATCH] posix: Fix some crashes in wordexp [BZ #18096]
+ 
+Without these fixes, the first three included tests segfault (on a
+NULL dereference); the fourth aborts on an assertion, which is itself
+unnecessary.
+ 
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=commit;h=31bfe3ef4ea898df606cb6cc59ac72de27002b01
+ 
+Signed-off-by: Julian Squires <julian@cipht.net>
+Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+---
+ posix/wordexp-test.c |  4 ++++
+ posix/wordexp.c      | 11 ++++-------
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+ 
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f7a591149b..bae27d6cee 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -117,6 +117,8 @@ struct test_case_struct
+     { 0, NULL, "$((010+0x10))", 0, 1, { "24" }, IFS },
+     { 0, NULL, "$((-010+0x10))", 0, 1, { "8" }, IFS },
+     { 0, NULL, "$((-0x10+010))", 0, 1, { "-8" }, IFS },
++    { 0, NULL, "$(())", 0, 1, { "0", }, IFS },
++    { 0, NULL, "$[]", 0, 1, { "0", }, IFS },
+ 
+     /* Advanced parameter expansion */
+     { 0, NULL, "${var:-bar}", 0, 1, { "bar", }, IFS },
+@@ -138,6 +140,8 @@ struct test_case_struct
+     { 0, "12345", "${#var}", 0, 1, { "5", }, IFS },
+     { 0, NULL, "${var:-'}'}", 0, 1, { "}", }, IFS },
+     { 0, NULL, "${var-}", 0, 0, { NULL }, IFS },
++    { 0, NULL, "${a?}", 0, 0, { NULL, }, IFS },
++    { 0, NULL, "${#a=}", 0, 1, { "0", }, IFS },
+ 
+     { 0, "pizza", "${var#${var}}", 0, 0, { NULL }, IFS },
+     { 0, "pepperoni", "${var%$(echo oni)}", 0, 1, { "pepper" }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index 0da98f5b08..b34c4a939b 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -720,7 +720,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
+ 	      ++(*offset);
+ 
+ 	      /* Go - evaluate. */
+-	      if (*expr && eval_expr (expr, &numresult) != 0)
++	      if (expr && eval_expr (expr, &numresult) != 0)
+ 		{
+ 		  free (expr);
+ 		  return WRDE_SYNTAX;
+@@ -758,7 +758,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
+ 	      long int numresult = 0;
+ 
+ 	      /* Go - evaluate. */
+-	      if (*expr && eval_expr (expr, &numresult) != 0)
++	      if (expr && eval_expr (expr, &numresult) != 0)
+ 		{
+ 		  free (expr);
+ 		  return WRDE_SYNTAX;
+@@ -1790,7 +1790,7 @@ envsubst:
+ 	    {
+ 	      const char *str = pattern;
+ 
+-	      if (str[0] == '\0')
++	      if (!str || str[0] == '\0')
+ 		str = _("parameter null or not set");
+ 
+ 	      __fxprintf (NULL, "%s: %s\n", env, str);
+@@ -1883,10 +1883,7 @@ envsubst:
+ 			_itoa_word (value ? strlen (value) : 0,
+ 				    &param_length[20], 10, 0));
+       if (free_value)
+-	{
+-	  assert (value != NULL);
+-	  free (value);
+-	}
++	free (value);
+ 
+       return *word ? 0 : WRDE_NOSPACE;
+     }
+-- 
+2.33.0
diff --git a/glibc.spec b/glibc.spec
index 60b2565..3dbdb9d 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -70,7 +70,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.34
-Release: 	138
+Release: 	139
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -282,6 +282,7 @@ Patch191: linux-Only-build-fstatat-fallback-if-required.patch
 Patch192: Fix-ununsed-fstatat64_time64_statx.patch
 Patch193: linux-use-statx-for-fstat-if-neither-newfstatat-nor-.patch
 Patch194: io-Do-not-implement-fstat-with-fstatat.patch
+Patch195: backport-posix-Fix-some-crashes-in-wordexp-BZ-18096.patch
 
 Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
 Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch 
@@ -1503,6 +1504,9 @@ fi
 %endif
 
 %changelog
+* Thu Oct 26 2023 zhangnaichuan <zhangnaichuan@huawei.com> - 2.34-139
+- posix: Fix some crashes in wordexp
+
 * Mon Oct 16 2023 lijianglin <lijianglin2@huawei.com> - 2.34-138
 - io: Do not implement fstat with fstatat
 
-- 
Gitee