[FFmpeg-devel] [PATCH] configure: Fix some unsafe shell practices

libav at airmail.cc libav at airmail.cc
Thu Jul 1 23:03:45 EEST 2021 

On 2021-07-01 14:20, Leo Izen wrote:
> This commit fixes some unsafe shell pratcies in ./configure,
> particularly those that involve variable expansions on possibly
> unsanitized data in unsafe ways. This commit corrects this behavior
> in a small number of locations.
> ---
>  configure | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/configure b/configure
> index b124411609..dd910f538f 100755
> --- a/configure
> +++ b/configure
> @@ -530,7 +530,7 @@ warn(){
> 
>  die(){
>      log "$@"
> -    echo "$error_color$bold_color$@$reset_color"
> +    echo "$error_color$bold_color$*$reset_color"
>      cat <<EOF
> 
>  If you think configure made a mistake, make sure you are using the 
> latest
> @@ -625,7 +625,7 @@ set_weak(){
>  }
> 
>  sanitize_var_name(){
> -    echo $@ | sed 's/[^A-Za-z0-9_]/_/g'
> +    printf %s "$*" | sed 's/[^A-Za-z0-9_]/_/g'
>  }
> 
>  set_sanitized(){
> @@ -1091,7 +1091,7 @@ check_cmd(){
>      cmd=$1
>      disabled $cmd && return
>      disable $cmd
> -    test_cmd $@ && enable $cmd
> +    test_cmd "$@" && enable $cmd
>  }
> 
>  check_as(){
> @@ -1100,7 +1100,7 @@ check_as(){
>      code=$2
>      shift 2
>      disable $name
> -    test_as $@ <<EOF && enable $name
> +    test_as "$@" <<EOF && enable $name
>  $code
>  EOF
>  }
> @@ -1153,8 +1153,8 @@ test_ld(){
>      log test_ld "$@"
>      type=$1
>      shift 1
> -    flags=$(filter_out '-l*|*.so' $@)
> -    libs=$(filter '-l*|*.so' $@)
> +    flags=$(filter_out '-l*|*.so' "$@")
> +    libs=$(filter '-l*|*.so' "$@")
>      test_$type $($cflags_filter $flags) || return
>      flags=$($ldflags_filter $flags)
>      libs=$($ldflags_filter $libs)
> @@ -1167,7 +1167,7 @@ check_ld(){
>      name=$2
>      shift 2
>      disable $name
> -    test_ld $type $@ && enable $name
> +    test_ld $type "$@" && enable $name
>  }
> 
>  print_include(){
> @@ -7709,7 +7709,7 @@ print_enabled_components(){
>      struct_name=$2
>      name=$3
>      shift 3
> -    echo "static const $struct_name * const $name[] = {" > $TMPH
> +    echo "static const $struct_name * const ${name}[] = {" > $TMPH
>      for c in $*; do
>          if enabled $c; then
>              case $name in
LGTM

More information about the ffmpeg-devel mailing list