BASH PATCH REPORT
=================

Bash-Release: 4.4
Patch-ID: bash44-008

Bug-Reported-by: Koichi MURASE <myoga.murase@gmail.com>
Bug-Reference-ID: <CAFLRLk-V+1AeQ2k=pY7ih6V+MfQ_w8EF3YWL2E+wmLfgKBtzXA@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00050.html

Bug-Description:

Under certain circumstances, bash will evaluate arithmetic expressions as part of reading an expression token even when evaluation is suppressed. This happens while evaluating a conditional expression and skipping over the failed branch of the expression.

Patch (apply with `patch -p0'):

*** ../bash-4.4-patched/expr.c 2015-10-11 14:46:36.000000000 -0400 --- expr.c 2016-11-08 11:55:46.000000000 -0500 *************** *** 579,585 **** if (curtok == QUES) /* found conditional expr */ { - readtok (); - if (curtok == 0 || curtok == COL) - evalerror (_("expression expected")); if (cval == 0) { --- 579,582 ---- *************** *** 588,591 **** --- 585,592 ---- } + readtok (); + if (curtok == 0 || curtok == COL) + evalerror (_("expression expected")); + val1 = EXP_HIGHEST (); *************** *** 594,600 **** if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! readtok (); ! if (curtok == 0) ! evalerror (_("expression expected")); set_noeval = 0; if (cval) --- 595,599 ---- if (curtok != COL) evalerror (_("`:' expected for conditional expression")); ! set_noeval = 0; if (cval) *************** *** 604,608 **** --- 603,611 ---- } + readtok (); + if (curtok == 0) + evalerror (_("expression expected")); val2 = expcond (); + if (set_noeval) noeval--; *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 7 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 8 #endif /* _PATCHLEVEL_H_ */
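
Review bot: In the first two expr.c hunks (old lines 579-591), the relocated `readtok ();` that now follows the `if (cval == 0)` block has no comment saying why it has to come after that block. The bug description says that reading a token can itself trigger evaluation, so the ordering is what the fix depends on. A one-line comment above the moved call, stating that the next token must only be read once suppression for the untaken branch is in effect, would keep a later cleanup from hoisting it back to just after `if (curtok == QUES)`.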
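
Review bot: In the last two expr.c hunks (old lines 594-608), the `if (curtok == 0)` check now sits between the `if (cval)` block and `if (set_noeval) noeval--;`, so if `evalerror (_("expression expected"))` does not return, that decrement is skipped on this path. Please confirm that the error path resets `noeval` independently of this function, and say so in a short comment next to the moved check. The same question applies to the moved `curtok == 0 || curtok == COL` check ahead of `val1 = EXP_HIGHEST ();`.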
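
Review bot: Across the patch, only expr.c and patchlevel.h change, and no regression test accompanies the reordering. Since the defect is a side effect occurring in a branch that should be skipped, a test that places a side-effecting expression in each arm of a conditional and checks that only the taken arm has an effect would pin down both moved `readtok ();` calls.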