Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Speaking of dangerous referents
- X-seq: zsh-workers 51397
- From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
- To: Zsh hackers list <zsh-workers@xxxxxxx>
- Subject: Speaking of dangerous referents
- Date: Fri, 10 Feb 2023 21:36:43 -0800
- Archived-at: <https://zsh.org/workers/51397>
- In-reply-to: <CAH+w=7YuT3aHL4WDcunftO8xj48A4oQR5Smo0ryUsTrF=xOpQQ@mail.gmail.com>
- List-id: <zsh-workers.zsh.org>
- References: <CAH+w=7bd5tHQ8_ZFuyheUrTStm8pR826jH1LB-vMdEnv14nH0w@mail.gmail.com> <67689-1675827940.088548@BxvG.D9_b.7RzI> <CAH+w=7ZFq_MyNtPVetDt84Zp8dnCQXis3p=2sKP018GZ-VTd0g@mail.gmail.com> <12608-1675903622.800470@Xj82.e3y1.svhG> <CAH+w=7ZZUCqYe6w1ZqZZKR6iLsZH0SDDXyzwgTU93nxx6bmxjQ@mail.gmail.com> <66045-1675975796.128039@FBF_.0yMO.Y8fk> <CAH+w=7bcqc8SsRxsht0QFyXy=DYzj6nVaBFhdzQ5MrBB+yBz+A@mail.gmail.com> <CAH+w=7YVJO-HkneMpnfBbqBztPaXdXTD=mo-vHbdUW00TiFVBQ@mail.gmail.com> <CAH+w=7YuT3aHL4WDcunftO8xj48A4oQR5Smo0ryUsTrF=xOpQQ@mail.gmail.com>
Oliver wrote:
> > And it could be wise to limit what can be done as part of the
> > subscript evaluation to avoid a CVE similar to the last one.
% print $ZSH_PATCHLEVEL
ubuntu/5.8-3ubuntu1.1
% empty=()
% loop='empty[${(P)loop}]'
% print ${(P)loop}
zsh: segmentation fault (core dumped) zsh -f
Messages sorted by:
Reverse Date,
Date,
Thread,
Author