On 9/13/20 5:05 AM, Paolo Bonzini wrote:
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
configure | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index 53723ace57..beae010e39 100755
--- a/configure
+++ b/configure
@@ -89,6 +89,10 @@ printf " '%s'" "$0" "$@" >> config.log
echo >> config.log
echo "#" >> config.log
+quote_sh() {
+ printf "'%s'" "$(echo "$1" | sed "s,','\\',")"
This is unsafe if $1 starts with - or contains \. Better is using
printf. It also eats any trailing newlines in $1, although that may be
less of a concern.
+}
+
print_error() {
(echo
echo "ERROR: $1"
@@ -8061,7 +8065,7 @@ preserve_env WINDRES
printf "exec" >>config.status
for i in "$0" "$@"; do
- test "$i" = --skip-meson || printf " '%s'" "$i" >>config.status
+ test "$i" = --skip-meson || printf " %s" "$(quote_sh $i)" >>config.status
And this unquoted use of $i is wrong.
done
echo ' "$@"' >>config.status
chmod +x config.status
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
