Bug 24443

The symptom of the problem is a spurious arithmetic expression
syntax error when executing a shell script line of the form:

VARIABLE=$((1000 * 1024))

The error that appears is of the form:

scriptname: arith: syntax error: "o"

The problem is caused by an error in expari() in expand.c in sh.

Fix: 

The existing code does the following:

        CHECKSTRSPACE(12 - 2, expdest);
        USTPUTC('\0', expdest);
        start = stackblock();
        p = expdest;
        while (*p != CTLARI && p >= start)
                --p;

The problem is that expdest points to the next unused location on the
stack, so the character at that location is just garbage left over from
a previous expression. p is set to that location, so the first iteration
of the while loop will test that garbage character for CTLARI.

If it happens to be CTLARI, the code will attempt to evaluate the characters
above the top of the stack as an arithmetic expression, and (likely) fail.
This is what was happening in the case I saw.

The solution I propose is to change the while loop to a do loop:

        CHECKSTRSPACE(12 - 2, expdest);
        USTPUTC('\0', expdest);
        start = stackblock();
        p = expdest;
        do {
                --p;
        } while (*p != CTLARI && p >= start);

        ... so that p gets decremented before the first test.
How-To-Repeat: This problem is extremely hard to reproduce, as it depends
on the specifics of previous arithmetic expressions in the shell
script. I could reproduce it all the time with one very large
script, which I can't submit, but wasn't able to do so with 
smaller scripts.