RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1012015 - Bash performs brace expansion on commands with double-quoted strings within a double-quoted command-substitution
Summary: Bash performs brace expansion on commands with double-quoted strings within a...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bash
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Ondrej Oprala
QA Contact: Martin Frodl
URL:
Whiteboard:
Depends On:
Blocks: 1070830 1116301 1116350
TreeView+ depends on / blocked
 
Reported: 2013-09-25 14:44 UTC by Miciah Dashiel Butler Masters
Modified: 2016-02-01 02:09 UTC (History)
3 users (show)

Fixed In Version: bash-4.1.2-18.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1116301 1116350 (view as bug list)
Environment:
Last Closed: 2014-10-14 07:10:01 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Nested Dquote brace-expansions patch (734 bytes, text/plain)
2014-05-26 15:31 UTC, Ondrej Oprala 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1503 0 normal SHIPPED_LIVE bash bug fix update 2014-10-14 01:28:07 UTC

Description Miciah Dashiel Butler Masters 2013-09-25 14:44:33 UTC 
Description of problem:
If I enclose a command substitution within double-quotes, and the command includes a double-quoted string, Bash performs brace expansion on the command before performing command substitution.


Version-Release number of selected component (if applicable):
bash-4.1.2-15.el6_4.x86_64

I also ran through the Steps to Reproduce on Fedora 19 with bash-4.2.45-1.fc19.x86_64 and got the same results.


How reproducible:
Completely.


Steps to Reproduce:
1. printf '1=%s 2=%s\n' "$(echo {a,b})"
2. printf '1=%s 2=%s\n' "$(echo '{a,b}')"
3. printf '1=%s 2=%s\n' "$(echo "{a,b}")"


Actual results:

Step 1 prints "1=a b 2=" as expected.
Step 2 prints "1=a b 2=" as expected.
Step 3 prints "1=a b 2=" because {a,b} is expanded before the echo command is run.


Expected results:

Step 3 should print the same output as Step 1 and Step 2.


Additional info:

$ printf '1=%s 2=%s\n' "$(echo {a,b})"
1=a b 2=
$ printf '1=%s 2=%s\n' "$(echo '{a,b}')"
1={a,b} 2=
$ printf '1=%s 2=%s\n' "$(echo "{a,b}")"
1=a 2=b
$ printf '1=%s 2=%s\n' "`echo {a,b}`"
1=a b 2=
$ printf '1=%s 2=%s\n' "`echo '{a,b}'`"
1={a,b} 2=
$ printf '1=%s 2=%s\n' "`echo "{a,b}"`"
1=a 2=b
$ set -x
$ printf '1=%s 2=%s\n' "$(echo {a,b})"
++ echo a b
+ printf '1=%s 2=%s\n' 'a b'
1=a b 2=
$ printf '1=%s 2=%s\n' "$(echo '{a,b}')"
++ echo '{a,b}'
+ printf '1=%s 2=%s\n' '{a,b}'
1={a,b} 2=
$ printf '1=%s 2=%s\n' "$(echo "{a,b}")"
++ echo a
++ echo b
+ printf '1=%s 2=%s\n' a b
1=a 2=b
$ printf '1=%s 2=%s\n' "`echo {a,b}`"
++ echo a b
+ printf '1=%s 2=%s\n' 'a b'
1=a b 2=
$ printf '1=%s 2=%s\n' "`echo '{a,b}'`"
++ echo '{a,b}'
+ printf '1=%s 2=%s\n' '{a,b}'
1={a,b} 2=
$ printf '1=%s 2=%s\n' "`echo "{a,b}"`"
++ echo a
++ echo b
+ printf '1=%s 2=%s\n' a b
1=a 2=b
$

From the above, we can see that brace expansion is indeed happening before the command substitution is performed, with the result that the command echo "{a,b}" is expanded into two commands: echo a and echo b.  Further, the problem is present with backtick syntax as well as $() syntax, but only with nested double-quote marks.
Comment 1 Roman Rakus 2013-09-26 10:00:03 UTC 
Thanks for the report.

It is fixed in bash-4.3-beta (first fix in alpha).

So far bash-4.3 is not released and beta is not part of Fedora. I'm not sure how difficult it will be to back port this fix.
Comment 3 Ondrej Oprala 2014-05-26 15:31:11 UTC 
Created attachment 899325 [details]
Nested Dquote brace-expansions patch

I've backported the relevant code from bash-4.3-alpha. More info: http://lists.gnu.org/archive/html/bug-bash/2013-01/msg00094.html
Comment 4 Branislav Náter 2014-05-30 09:05:30 UTC 
Reproducer available, qa_ack+ for rhel-6.6
Comment 6 Martin Frodl 2014-06-03 16:20:04 UTC 
(In reply to Miciah Dashiel Butler Masters from comment #0)

I am a bit confused by this, so let us make things absolutely clear:

> Steps to Reproduce:
> 2. printf '1=%s 2=%s\n' "$(echo '{a,b}')"

> Actual results:
> Step 2 prints "1=a b 2=" as expected.

> Additional info:
> $ printf '1=%s 2=%s\n' "$(echo '{a,b}')"
> 1={a,b} 2=

If I understand correctly, the actual (and also expected) result of Step 2 is the one with {a,b} (see Additional info) rather than the one provided in Actual results. As a consequence, the expected result is not Step 3 producing the same output as both Step 1 and 2 (since these are different from one another), but rather Step 3 should print the same message as Step 1.

Am I right?
Comment 7 Miciah Dashiel Butler Masters 2014-06-03 16:24:08 UTC 
I believe you are right.  I must have made an error in my initial report.  Sorry!
Comment 9 errata-xmlrpc 2014-10-14 07:10:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1503.html
Note You need to log in before you can comment on or make changes to this bug.