BASH PATCH REPORT
			     =================

Bash-Release:	5.2
Patch-ID:	bash52-021

Bug-Reported-by:	Norbert Lange <nolange79@gmail.com>
Bug-Reference-ID:	<CADYdroPZFdVZSL6KkhqkAPgKKopbsLQVSm7_TvLCwadL2=UAWw@mail.gmail.com>
Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2022-12/msg00046.html

Bug-Description:

There is an off-by-one error that causes command substitutions to fail when
they appear in a word expansion inside a here-document.

Patch (apply with `patch -p0'):

*** ../bash-5.2-patched/subst.c	2022-12-13 12:08:58.000000000 -0500
--- subst.c	2022-12-14 09:09:53.000000000 -0500
***************
*** 1694,1698 ****
  	  CHECK_STRING_OVERRUN (i, si, slen, c);
  
! 	  tlen = si - i - 1;
  	  RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
  	  result[result_index++] = c;
--- 1699,1703 ----
  	  CHECK_STRING_OVERRUN (i, si, slen, c);
  
! 	  tlen = si - i - 2;
  	  RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
  	  result[result_index++] = c;
***************
*** 1714,1718 ****
  	  CHECK_STRING_OVERRUN (i, si, slen, c);
  
! 	  tlen = si - i - 1;
  	  RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
  	  result[result_index++] = c;
--- 1719,1723 ----
  	  CHECK_STRING_OVERRUN (i, si, slen, c);
  
! 	  tlen = si - i - 2;
  	  RESIZE_MALLOCED_BUFFER (result, result_index, tlen + 4, result_size, 64);
  	  result[result_index++] = c;

*** ../bash-5.2/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 20
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 21
  
  #endif /* _PATCHLEVEL_H_ */