NetBSD-Bugs archive


lib/42646: Shell crashes in libedit when window size changes (SIGWINCH)

>Number:         42646
>Category:       lib
>Synopsis:       Shell crashes in libedit when window size changes (SIGWINCH)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 20 00:40:00 +0000 2010
>Originator:     Joachim Kuebart
>Release:        NetBSD-current
NetBSD yacht 5.99.23 NetBSD 5.99.23 (YACHT) #1: Mon Jan 18 07:35:40 GMT 2010  
joki@yacht:/usr/obj/ amd64

When /bin/sh is sent a signal that interrupts the current read() system call 
with errno=EINTR, it does a memcpy() with length -1 and receives a SIGSEGV.
Send a SIGWINCH signal to a /bin/sh instance, either using
  kill -winch $$
or by changing the window size of an X terminal.
The shell is terminated by SIGSEGV.

This happens because libedit's el_gets() does not honour its contract of 
returning NULL in case of an error (like an interrupted system call EINTR). The 
following patch modifies el_gets() to return NULL when the underlying 
el_wgets() returned NULL. It uses the fact that ct_encode_string() returns NULL 
when it is passed a NULL argument.

Index: eln.c
RCS file: /pub/NetBSD-CVS/src/lib/libedit/eln.c,v
retrieving revision 1.4
diff -p -U8 -r1.4 eln.c
--- eln.c       12 Jan 2010 19:40:50 -0000      1.4
+++ eln.c       20 Jan 2010 00:29:22 -0000
@@ -67,20 +67,22 @@ el_push(EditLine *el, const char *str)
         * character sets too, and Does The Right Thing. */
        el_wpush(el, ct_decode_string(str, &el->el_lgcyconv));
 public const char *
 el_gets(EditLine *el, int *nread)
+       const wchar_t *tmp;
        el->el_flags |= IGNORE_EXTCHARS;
-       el_wgets(el, nread);
+       tmp = el_wgets(el, nread);
        el->el_flags &= ~IGNORE_EXTCHARS;
-       return ct_encode_string(el->el_line.buffer, &el->el_lgcyconv);
+       return ct_encode_string(tmp, &el->el_lgcyconv);
 public int
 el_parse(EditLine *el, int argc, const char *argv[])
        int ret;
        const wchar_t **wargv;
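
Review bot: In el_gets(), the NULL return on error depends entirely on ct_encode_string() returning NULL when handed a NULL argument, and nothing at the call site says so. An explicit `if (tmp == NULL) return NULL;` before the encode call, or at least a comment, would keep a later change to ct_encode_string() from silently restoring the non-NULL return. Separately, *nread is passed through from el_wgets() untouched, so it is worth documenting what callers should expect in it when NULL is returned, given that the report describes a caller reaching memcpy() with length -1.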

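An added example, not part of the original report and not libedit code: a caller-side check for the contract the report describes (NULL on a failed read, count of -1), so that a failed read never reaches memcpy(). The names `line_read`, `copy_input` and `demo` are hypothetical, and the failed read is produced with a closed descriptor as a stand-in for EINTR.

```c
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for el_gets(): returns NULL and *nread = -1 on any
 * read() failure (EINTR included), otherwise the buffer and byte count. */
static const char *
line_read(int fd, char *buf, size_t bufsz, int *nread)
{
	ssize_t n = read(fd, buf, bufsz - 1);
	if (n < 0) {		/* EINTR, EBADF, ...: report error, no data */
		*nread = -1;
		return NULL;
	}
	buf[n] = '\0';
	*nread = (int)n;
	return buf;
}

/* Caller side: copy only when both the pointer and the count are usable.
 * Without this check, nread == -1 converts to SIZE_MAX inside memcpy(). */
static int
copy_input(char *dst, size_t dstsz, const char *src, int nread)
{
	if (src == NULL || nread <= 0 || (size_t)nread >= dstsz)
		return -1;
	memcpy(dst, src, (size_t)nread);
	dst[nread] = '\0';
	return nread;
}

/* Constructed demo: one successful read from a pipe, then one failed read. */
static int
demo(int *ok_len, int *err_len)
{
	char in[64], out[64];
	int p[2], n;
	const char *s;
	if (pipe(p) != 0 || write(p[1], "ls\n", 3) != 3)
		return -1;
	s = line_read(p[0], in, sizeof(in), &n);
	*ok_len = copy_input(out, sizeof(out), s, n);
	close(p[0]); close(p[1]);
	s = line_read(p[0], in, sizeof(in), &n);	/* closed fd: read() fails */
	*err_len = copy_input(out, sizeof(out), s, n);
	return 0;
}

int main(void) { int a, b; return (demo(&a, &b) == 0 && a == 3 && b == -1) ? 0 : 1; }
```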