[FFmpeg-devel] [PATCH] configure: Fix some unsafe shell practices
Leo Izen
leo.izen at gmail.com
Thu Jul 1 21:20:51 EEST 2021
This commit fixes some unsafe shell pratcies in ./configure,
particularly those that involve variable expansions on possibly
unsanitized data in unsafe ways. This commit corrects this behavior
in a small number of locations.
---
configure | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/configure b/configure
index b124411609..dd910f538f 100755
--- a/configure
+++ b/configure
@@ -530,7 +530,7 @@ warn(){
die(){
log "$@"
- echo "$error_color$bold_color$@$reset_color"
+ echo "$error_color$bold_color$*$reset_color"
cat <<EOF
If you think configure made a mistake, make sure you are using the latest
@@ -625,7 +625,7 @@ set_weak(){
}
sanitize_var_name(){
- echo $@ | sed 's/[^A-Za-z0-9_]/_/g'
+ printf %s "$*" | sed 's/[^A-Za-z0-9_]/_/g'
}
set_sanitized(){
@@ -1091,7 +1091,7 @@ check_cmd(){
cmd=$1
disabled $cmd && return
disable $cmd
- test_cmd $@ && enable $cmd
+ test_cmd "$@" && enable $cmd
}
check_as(){
@@ -1100,7 +1100,7 @@ check_as(){
code=$2
shift 2
disable $name
- test_as $@ <<EOF && enable $name
+ test_as "$@" <<EOF && enable $name
$code
EOF
}
@@ -1153,8 +1153,8 @@ test_ld(){
log test_ld "$@"
type=$1
shift 1
- flags=$(filter_out '-l*|*.so' $@)
- libs=$(filter '-l*|*.so' $@)
+ flags=$(filter_out '-l*|*.so' "$@")
+ libs=$(filter '-l*|*.so' "$@")
test_$type $($cflags_filter $flags) || return
flags=$($ldflags_filter $flags)
libs=$($ldflags_filter $libs)
@@ -1167,7 +1167,7 @@ check_ld(){
name=$2
shift 2
disable $name
- test_ld $type $@ && enable $name
+ test_ld $type "$@" && enable $name
}
print_include(){
@@ -7709,7 +7709,7 @@ print_enabled_components(){
struct_name=$2
name=$3
shift 3
- echo "static const $struct_name * const $name[] = {" > $TMPH
+ echo "static const $struct_name * const ${name}[] = {" > $TMPH
for c in $*; do
if enabled $c; then
case $name in
--
2.32.0
More information about the ffmpeg-devel
mailing list