Fix CVE-2018-7548: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548 Patch copied from upstream source repository: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001 From: Joey Pabalinas <joeypabalinas@gmail.com> Date: Tue, 23 Jan 2018 22:28:08 -0800 Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an empty array result --- ChangeLog | 5 +++++ Src/subst.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) #diff --git a/ChangeLog b/ChangeLog #index d2ba94afc..3037edda4 100644 #--- a/ChangeLog #+++ b/ChangeLog #@@ -1,3 +1,8 @@ #+2018-01-23 Barton E. Schaefer <schaefer@zsh.org> #+ #+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref #+ when using ${(PA)...} on an empty array result #+ # 2018-01-23 Oliver Kiddle <okiddle@yahoo.co.uk> # # * 42317: Completion/Linux/Command/_cryptsetup, diff --git a/Src/subst.c b/Src/subst.c index d027e3d83..a265a187e 100644 --- a/Src/subst.c +++ b/Src/subst.c @@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags, val = aval[0]; isarr = 0; } - s = dyncat(val, s); + s = val ? dyncat(val, s) : dupstring(s); /* Now behave po-faced as if it was always like that... */ subexp = 0; /* -- 2.16.2