guix/gnu/packages/patches/atf-execute-with-shell.patch

Submitted here: https://github.com/freebsd/atf/pull/57

From 098b66269b1cf1d944b8b214ceb7ce9febde3682 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Mon, 29 Jan 2024 22:35:49 -0500
Subject: [PATCH] Fix use after free in execute_with_shell.

The temporary string returned by atf::env::get would be used outside
its statement, which is invalid and cause undefined behavior.  Copy it
to a local variable to avoid the issue.

Fixes: https://github.com/freebsd/atf/issues/26
Fixes: https://github.com/freebsd/kyua/issues/223

Reported-by: Ruslan Bukin <br@bsdpad.com>
---
 atf-sh/atf-check.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/atf-sh/atf-check.cpp b/atf-sh/atf-check.cpp
index 41f0b13..9d6f7a8 100644
--- a/atf-sh/atf-check.cpp
+++ b/atf-sh/atf-check.cpp
@@ -436,7 +436,9 @@ execute_with_shell(char* const* argv)
     const std::string cmd = flatten_argv(argv);
 
     const char* sh_argv[4];
-    sh_argv[0] = atf::env::get("ATF_SHELL", ATF_SHELL).c_str();
+    const std::string shell = atf::env::get("ATF_SHELL", ATF_SHELL);
+
+    sh_argv[0] = shell.c_str();
     sh_argv[1] = "-c";
     sh_argv[2] = cmd.c_str();
     sh_argv[3] = NULL;

base-commit: 18eb8168b70a0f934b4824b6391b55ac0b2f4fdf
-- 
2.41.0