profile
viewpoint

Ask questionsSC2016 shouldn't trigger for printf -v

For bugs

  • Rule Id (if any, e.g. SC1000): SC2016
  • My shellcheck version (shellcheck --version or "online"): 0.6.0
  • [x] The rule's wiki page does not already cover this (e.g. https://shellcheck.net/wiki/SC2086)
  • [x] I tried on shellcheck.net and verified that this is still a problem on the latest commit

For new checks and feature suggestions

  • [ ] shellcheck.net (i.e. the latest commit) currently gives no useful warnings about this
  • [ ] I searched through https://github.com/koalaman/shellcheck/issues and didn't find anything related

Here's a snippet or screenshot that shows the problem:


#!/usr/bin/env bash
declare -A arr
key=foo
printf -v 'arr[$key]' "bar"
printf '%s\n' "${arr[$key]}"

Here's what shellcheck currently says:


printf -v 'arr[$key]' bar
          ^-- SC2016: Expressions don't expand in single quotes, use double quotes for that.

Here's what I wanted or expected to see:

Nothing, as in #873 and #1186. I'd actually expect there to be a warning if it wasn't single quoted or escaped, as it would then fail on keys like ], and it could lead to arbitrary code execution (related: #1322).

EDIT: This also happens with arithmetic, e.g. (( ++arr['$key'] )).

koalaman/shellcheck

Answer questions awgeorge

Also doesn't apply using 'mdfind'

useful!

Related questions

SC1090/SC1091: sourcing should find files relative to script hot 1
SC2181 suggests to check exit code directly when I check for several possible values hot 1
Github User Rank List