Bug#763338: /usr/bin/vorbistagedit: Doesn't escape filenames properly

Martin Steghöfer martin at steghoefer.eu
Sat Nov 29 17:26:42 UTC 2014


Thank you for reporting this problem, Roland!

I tried to track the problem down. I'm certainly not a shell-script 
expert, but I think I fixed it.

The patch that was applied earlier to fix this bug only fixed the 
quoting of the *input* to "getopt". However, there was still a problem 
with the interpretation of its *output* that didn't take into account 
its quoting. "GNU getopt" quotes its output, so it can be correctly 
split into parameters. However, just using that output directly in a for 
loop doesn't take into account that quoting, but splits the output 
string at every space regardless of its quoting.

To avoid this, the output of "getopt" is now parsed using "eval set --", 
which overwrites the original command-line parameters with the ones 
provided by "getopt", taking into account quoting.

Iterating over those parameters using a "while" loop with the "shift" 
command (to advance) provides an additional positive effect: The 
possibility to process the options in the first loop and the filenames 
in a second loop. Before, the filename loop processed all options a 
second time. Therefore you could only have options that exited 
immediately (otherwise they would be interpreted as filenames in the 
second loop).

The changes are in git's master branch right now. We should probably 
cherry-pick the commit into the branch "jessie-fixes" and upload a new 
version of the package because this has a realistic chance of going into 
jessie, doesn't it?

Could somebody maybe give it a little more testing? I'm not sure if my 
own testing covered all possible edge cases.

Cheers,
Martin
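
The difference described in the message above, as an added example that is not part of the original post and is not vorbistagedit's own code. It assumes GNU getopt (util-linux); the -h/-v options, the function names and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Requires GNU getopt (util-linux); the -h/-v options and
# the file names used below are constructed for illustration.

# Before: loop directly over getopt's output. Unquoted expansion splits at
# every space and keeps getopt's quote characters as literal text.
files_by_word_splitting() {
    parsed=$(getopt -o hv -- "$@") || return 2
    for arg in $parsed; do
        case $arg in
            -h|-v|--) ;;                      # options are skipped here
            *) printf '<%s>\n' "$arg" ;;      # everything else is a "file"
        esac
    done
}

# After: let the shell re-parse getopt's quoting with "eval set --", then
# consume options with shift and handle file names in a second loop.
files_by_eval_set() {
    parsed=$(getopt -o hv -- "$@") || return 2
    eval set -- "$parsed"
    while [ $# -gt 0 ]; do
        case $1 in
            -h|-v) shift ;;                   # option handling would go here
            --) shift; break ;;               # end of options
            *) break ;;
        esac
    done
    for file in "$@"; do
        printf '<%s>\n' "$file"
    done
}

# Constructed input: one option, one name with a space, one plain name.
files_by_word_splitting -v "my song.ogg" b.ogg
files_by_eval_set -v "my song.ogg" b.ogg
```

The eval is applied only to getopt's own quoted output, never to the raw command-line arguments.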



More information about the pkg-xiph-maint mailing list