Fix incorrect escaping of quotes for CMD when quoting #998
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update the `escapeArgForQuoted` function for CMD, preserving how quoting
is done. The majority of the old escape logic is gone (except for
control characters) and is replaced with new logic based first on (of
all sources) [1] to escape double quotes (which have to be escaped
somehow because they're also used to do the quoting). In short, the
rules for escaping quotes are as follows (adapted from [1]):
1. "For each double quote in the original string, let N be the number
of backslash(es) before it, N might be zero. Replace these N
backslash(es) by 2*N+1 backslash(es)."
2. "Let N be the number of backslash(es) [before a space or tab in] the
original string, N might be zero. Replace these N backslash(es)
by 2*N backslash(es)."
Second, based on [2] and experimentation, special characters are escaped
if and only if they're preceded by an even number (and/including 0) of
quotes. I can't really tell why this is correct, but from testing it
appears to be necessary as otherwise the escape character ("^") would
appear in the argument received by the target program when there's an
odd number of quotes preceding it.
--
1. https://www.gnu.org/software/gawk/manual/html_node/DOS-Quoting.html
2. https://ss64.com/nt/
ericcornelissen
changed the title
cmd.exe
This was referenced Jul 5, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates to #986
Summary
Update escaping for quoting for CMD following a fuzz crash found during nightly fuzzing. The crash detected incorrect results for certain uses of double quotes. This has lead to a significant change to the implementation of escaping for quoting for CMD. In particular, double quotes will now be escaped as
\\"(correspondingly, backslashes will be escaped as\\\\) based on the rules laid out in (of all sources) thisgawkdocumentation. As a consequence, escaping of special characters is now only done when there's an even number of quotes preceding that character (don't ask me why...).Notes
buglabel isn't applied because this doesn't fix a released problem.