From 0bd0fb59669007668cb54aba21d57b5182b4e12c Mon Sep 17 00:00:00 2001
From: Chet Ramey <chet.ramey@case.edu>
Date: Thu, 2 Mar 2023 12:04:03 -0500
Subject: [PATCH] fix crash with null arithmetic for expression; fix size_t
 issue with history search string allocation

---
 CWRU/CWRU.chlog        | 22 ++++++++++++++++++++++
 arrayfunc.c            | 21 +++++++++++++++++----
 execute_cmd.c          |  2 +-
 lib/readline/display.c | 14 +++++++++++++-
 lib/readline/search.c  |  2 +-
 5 files changed, 54 insertions(+), 7 deletions(-)

diff --git a/CWRU/CWRU.chlog b/CWRU/CWRU.chlog
index d05a91f4c..040f27f13 100644
--- a/CWRU/CWRU.chlog
+++ b/CWRU/CWRU.chlog
@@ -5474,3 +5474,25 @@ parse.y
 	  closer to name[sub]=word.
 	  From a report by Ilkka Virta <itvirta@iki.fi> back in July, 2020:
 	  https://lists.gnu.org/archive/html/bug-bash/2020-07/msg00133.html
+
+				   2/27
+				   ----
+lib/readline/display.c
+	- rl_redisplay: if HANDLE_MULTIBYTE is defined, do the special META_CHAR
+	  handling if wc_bytes == wc_width == 1
+
+execute_cmd.c
+	- eval_arith_for_expr: make sure we don't call make_word with a NULL
+	  string if expand_arith_string returns NULL. Report from
+	  F G <frank.graziano@gmail.com>
+
+arrayfunc.c
+	- assign_assoc_from_kvlist: added code, currently disabled, to perform
+	  all expansions, including word splitting, on the kv-pair word list
+
+				   2/28
+				   ----
+lib/readline/search.c
+	- rl_history_search_reinit: change check against history_string_size
+	  to account for history_string_size now being a size_t. Report and
+	  fix from Grisha Levit <grishalevit@gmail.com>
diff --git a/arrayfunc.c b/arrayfunc.c
index 27d84d9b8..b85a7cf92 100644
--- a/arrayfunc.c
+++ b/arrayfunc.c
@@ -575,13 +575,22 @@ expand_compound_array_assignment (SHELL_VAR *var, char *value, int flags)
 }
 
 #if ASSOC_KVPAIR_ASSIGNMENT
+/* If non-zero, we split the words in kv-pair compound array assignments in
+   addition to performing the other expansions. */
+int split_kvpair_assignments = 0;
+
+/* We have a set of key-value pairs that should be expanded and split
+   (because they are not assignment statements). They are not expanded
+   and split in expand_compound_array_assignment because assoc_p (var)
+   is true. We defer the expansion until now. */
 static void
 assign_assoc_from_kvlist (SHELL_VAR *var, WORD_LIST *nlist, HASH_TABLE *h, int flags)
 {
-  WORD_LIST *list;
+  WORD_LIST *list, *explist;
   char *akey, *aval, *k, *v;
 
-  for (list = nlist; list; list = list->next)
+  explist = split_kvpair_assignments ? expand_words_no_vars (nlist) : nlist;
+  for (list = explist; list; list = list->next)
     {
       k = list->word->word;
       v = list->next ? list->next->word->word : 0;
@@ -589,7 +598,7 @@ assign_assoc_from_kvlist (SHELL_VAR *var, WORD_LIST *nlist, HASH_TABLE *h, int f
       if (list->next)
         list = list->next;
 
-      akey = expand_subscript_string (k, 0);
+      akey = split_kvpair_assignments ? savestring (k) : expand_subscript_string (k, 0);
       if (akey == 0 || *akey == 0)
 	{
 	  err_badarraysub (k);
@@ -597,7 +606,7 @@ assign_assoc_from_kvlist (SHELL_VAR *var, WORD_LIST *nlist, HASH_TABLE *h, int f
 	  continue;
 	}	      
 
-      aval = expand_assignment_string_to_string (v, 0);
+      aval = split_kvpair_assignments ? savestring (v) : expand_assignment_string_to_string (v, 0);
       if (aval == 0)
 	{
 	  aval = (char *)xmalloc (1);
@@ -605,8 +614,12 @@ assign_assoc_from_kvlist (SHELL_VAR *var, WORD_LIST *nlist, HASH_TABLE *h, int f
 	}
 
       bind_assoc_var_internal (var, h, akey, aval, flags);
+
       free (aval);
     }
+
+  if (explist != nlist)
+    dispose_words (explist);
 }
 
 /* Return non-zero if L appears to be a key-value pair associative array
diff --git a/execute_cmd.c b/execute_cmd.c
index 16d5328ad..7a8618265 100644
--- a/execute_cmd.c
+++ b/execute_cmd.c
@@ -2994,7 +2994,7 @@ eval_arith_for_expr (WORD_LIST *l, int *okp)
   temp = expand_arith_string (expr, Q_DOUBLE_QUOTES|Q_ARITH);
   if (l->next)
     free (expr);
-  new = make_word_list (make_word (temp), (WORD_LIST *)NULL);
+  new = make_word_list (make_word (temp ? temp : ""), (WORD_LIST *)NULL);
   free (temp);
 
   if (new)
diff --git a/lib/readline/display.c b/lib/readline/display.c
index 1ebb2eb5f..b67be305a 100644
--- a/lib/readline/display.c
+++ b/lib/readline/display.c
@@ -1093,6 +1093,8 @@ rl_redisplay (void)
 	      wc_width = (temp >= 0) ? temp : 1;
 	    }
 	}
+      else
+	wc_width = 1;		/* make sure it's set for the META_CHAR check */
 #endif
 
       if (in == rl_point)
@@ -1102,12 +1104,22 @@ rl_redisplay (void)
 	}
 
 #if defined (HANDLE_MULTIBYTE)
-      if (META_CHAR (c) && _rl_output_meta_chars == 0)	/* XXX - clean up */
+      if (META_CHAR (c) && wc_bytes == 1 && wc_width == 1)
 #else
       if (META_CHAR (c))
 #endif
 	{
+#if 0
+	  /* TAG: readline-8.3 20230227 */
+	  /* https://savannah.gnu.org/support/index.php?110830
+	     asking for non-printing meta characters to be printed using an
+	     escape sequence. */
+
+	  /* isprint(c) handles bytes up to UCHAR_MAX */
+	  if (_rl_output_meta_chars == 0 || isprint (c) == 0)
+#else
 	  if (_rl_output_meta_chars == 0)
+#endif
 	    {
 	      char obuf[5];
 	      int olen;
diff --git a/lib/readline/search.c b/lib/readline/search.c
index b7be876fe..525c9c69c 100644
--- a/lib/readline/search.c
+++ b/lib/readline/search.c
@@ -621,7 +621,7 @@ rl_history_search_reinit (int flags)
   if (rl_point)
     {
       /* Allocate enough space for anchored and non-anchored searches */
-      if (_rl_history_search_len >= history_string_size - 2)
+      if (_rl_history_search_len + 2 >= history_string_size)
 	{
 	  history_string_size = _rl_history_search_len + 2;
 	  history_search_string = (char *)xrealloc (history_search_string, history_string_size);
-- 
2.47.2