Subject: lib/12963: Bug in libedit
To: None <>
From: None <>
List: netbsd-bugs
Date: 05/16/2001 16:34:03
>Number:         12963
>Category:       lib
>Synopsis:       Bug in libedit
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 16 16:33:00 PDT 2001
>Originator:     Jason Waterman
>Release:        1.5
In tty.c,v 1.14 in libedit, the function tty_bind_char() has a bug.
Line 766 should be changed from: 
   char new[2], old[2]; 
   unsigned char new[2], old[2];  
This is because new[] and old[] are used as an index to a command 
array, defined in map.c, and gets assignments from an unsigned char.
When 255 gets assigned to them, it gets converted to -1 which is out
of bounds. 

I noticed this by getting a segfault running test.c from libedit.  This
was on an OpenBSD system, so test.c might seem to run fine here. 
See above