Subject: bin/37165: ksh history mechanism off-by-one error
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <Peter.Bex@xs4all.nl>
List: netbsd-bugs
Date: 10/21/2007 11:05:00
>Number: 37165
>Category: bin
>Synopsis: The ksh has an off-by-one error when changing the history size
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 21 11:05:00 +0000 2007
>Originator: Peter Bex
>Release: NetBSD 4.0_RC1
>Organization:
N/A
>Environment:
System: NetBSD byers.homeunix.org 4.0_RC1 NetBSD 4.0_RC1 (GENERIC) #1: Mon Oct 15 22:43:12 CEST 2007 sjamaan@byers.homeunix.org:/usr/src/sys/arch/macppc/compile/GENERIC macppc
Architecture: powerpc
Machine: macppc
>Description:
When resizing the history size in /bin/ksh using the HISTSIZE
variable, there is an off-by-one error when it sets the history
pointer. This causes an error when scrolling through the
buffer.
>How-To-Repeat:
ksh
$ echo "something to put in the history buffer"
$ HISTSIZE=1
$ <ctrl+p or escape+p, depending on editing mode>
ksh: internal error: grabhist: bad history array
or:
ksh
$ HISTSIZE=2
$ HISTSIZE=1
$ <ctrl+p or escape+p, depending on editing mode>
HISTSIZE=1 <again ctrl+p/escape+p>
HISTSIZE=2
I have also observed segfaults in older ksh versions, but this looks
like it has been fixed from NetBSD 3.0 -> 4.0.
>Fix:
The ksh code is pretty opaque, but as far as I have been able to determine,
this fixes the problem and introduces no new ones:
Index: history.c
===================================================================
RCS file: /cvsroot/src/bin/ksh/history.c,v
retrieving revision 1.9
diff -u -r1.9 history.c
--- history.c 26 Jun 2005 19:09:00 -0000 1.9
+++ history.c 18 Oct 2007 19:37:42 -0000
@@ -552,7 +552,7 @@
histlist = (char **)aresize(histlist, n*sizeof(char *), APERM);
histsize = n;
- histptr = histlist + cursize;
+ histptr = histlist + cursize - 1;
}
}
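Review bot: The "- 1" on the histptr assignment is applied on every call, but the hunk does not show how cursize is derived, so it is not clear that growing HISTSIZE, or resizing an empty history, leaves histptr on the right entry. If cursize can be zero at this point the new expression yields histlist - 1, and if the bad pointer only arises when the history is cut down to n entries, the adjustment belongs where cursize is limited to n rather than on the final assignment. Please add a comment stating whether histptr designates the newest entry or the slot after it, and confirm the grow, shrink and equal-size cases against that.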
>Unformatted:
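The invariant behind this report, as an added example: a simplified model that is not ksh source and not the submitter's code. It assumes the history pointer designates the newest entry (kept here as an index, -1 when empty); the names hist_init, hist_add, hist_resize and hist_ok are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not ksh source. Assumption: `last` is the index of the
 * newest entry (-1 when empty), the role histptr plays in the report. */
struct hist { const char **list; int last; int size; };

static int hist_init(struct hist *h, int size)
{
    h->list = malloc((size_t)size * sizeof *h->list);
    h->last = -1;
    h->size = size;
    return h->list ? 0 : -1;
}

static void hist_add(struct hist *h, const char *line)
{
    if (h->last + 1 == h->size) {   /* full: drop the oldest entry */
        memmove(h->list, h->list + 1, (size_t)(h->size - 1) * sizeof *h->list);
        h->last--;
    }
    h->list[++h->last] = line;
}

/* Resize to n slots, keeping the newest entries. With off_by_one set, the
 * entry count is stored as the index, which models the reported symptom. */
static int hist_resize(struct hist *h, int n, int off_by_one)
{
    int count = h->last + 1;
    const char **p;

    if (n <= 0)
        return -1;
    if (count > n) {                /* shrinking: keep the newest n */
        memmove(h->list, h->list + (count - n), (size_t)n * sizeof *h->list);
        count = n;
    }
    if ((p = realloc(h->list, (size_t)n * sizeof *h->list)) == NULL)
        return -1;
    h->list = p;
    h->size = n;
    h->last = off_by_one ? count : count - 1;
    return 0;
}

/* Invariant every resize must preserve: newest index inside the allocation. */
static int hist_ok(const struct hist *h)
{
    return h->last >= -1 && h->last < h->size;
}
```

Checking hist_ok after each resize in a test covers the shrink, grow and equal-size cases without having to scroll the history interactively.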