BASH PATCH REPORT
			     =================

Bash-Release:	5.3
Patch-ID:	bash53-007

Bug-Reported-by:	jdhedden@gmail.com
Bug-Reference-ID:	<689ac876.050a0220.334a3f.30fb@mx.google.com>
Bug-Reference-URL:	

Bug-Description:

No-fork command substitutions can perform redirections that act on the
enclosing command as well.

--- a/patchlevel.h
+++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 
-#define PATCHLEVEL 6
+#define PATCHLEVEL 7
 
 #endif /* _PATCHLEVEL_H_ */
--- a/subst.c
+++ b/subst.c
@@ -206,6 +206,8 @@ extern int wordexp_only;
 extern int singlequote_translations;
 extern int extended_quote;
 
+extern REDIRECT *exec_redirection_undo_list, *redirection_undo_list;
+
 #if !defined (HAVE_WCSDUP) && defined (HANDLE_MULTIBYTE)
 extern wchar_t *wcsdup (const wchar_t *);
 #endif
@@ -7000,6 +7002,11 @@ function_substitute (char *string, int q
       add_unwind_protect (uw_restore_pipestatus_array, psa);
     }
 #endif
+
+  unwind_protect_pointer (redirection_undo_list);
+  redirection_undo_list = NULL;
+  unwind_protect_pointer (exec_redirection_undo_list);
+  exec_redirection_undo_list = NULL;
   
   subst_assign_varlist = 0;