Source-Changes-HG archive


[src/trunk]: src/lib/libedit A very simple, non-intrusive patch to fix a segf...



details:   https://anonhg.NetBSD.org/src/rev/11ddf9bb101a
branches:  trunk
changeset: 343737:11ddf9bb101a
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Feb 24 14:29:21 2016 +0000

description:
A very simple, non-intrusive patch to fix a segfault (and a
functional error) in c_gets(), file chared.c.

Run any program using libedit in the default way.  At the el_[w]gets()
prompt, invoke ed-command (for example, in emacs mode, press the
escape key, then type the letter 'x').  You should see a ": " prompt.
Type the letter 'x' again.  Now press the backspace key a few times,
looking at the screen after each key press:

 - The 1st BS deletes the 'x'.
 - The 2nd BS deletes the blank after the prompt.
 - The 3rd BS deletes the colon of the prompt.
 - The 4th BS moves the cursor up one line.
 - The 5th BS gives me "Segmentation fault (core dumped)".

Depending on your platform, it might take a few more or a few less
backspaces for the buffer underrun to trigger the segfault, but
you should be able to hit it sooner or later no matter what.

Run the same program again, connect again and invoke ed-command again.
Now type: 'b', backspace, 'i', backspace, 'n', backspace, 'd', enter.
The "bind" command gets executed, even though you deleted what you
typed before hitting enter.

From Ingo Schwatze.

diffstat:

 lib/libedit/chared.c |  5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 0592d088cdf6 -r 11ddf9bb101a lib/libedit/chared.c
--- a/lib/libedit/chared.c      Wed Feb 24 14:25:38 2016 +0000
+++ b/lib/libedit/chared.c      Wed Feb 24 14:29:21 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: chared.c,v 1.48 2016/02/24 14:25:38 christos Exp $     */
+/*     $NetBSD: chared.c,v 1.49 2016/02/24 14:29:21 christos Exp $     */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)chared.c   8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: chared.c,v 1.48 2016/02/24 14:25:38 christos Exp $");
+__RCSID("$NetBSD: chared.c,v 1.49 2016/02/24 14:29:21 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -707,6 +707,7 @@
                                len = -1;
                                break;
                        }
+                       len--;
                        cp--;
                        continue;
 
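Review bot: the pairing of `len--` with `cp--` at the end of this hunk is an invariant that nothing in the code states: the stored-character count has to move with the cursor on every backspace, and the bug was that the two drifted apart. A short comment above `len--;` saying so would help the next reader. It is also worth confirming that the guard whose body is visible just above (`len = -1; break;`) tests the count and not the cursor, because after this change that guard is the only thing stopping `cp` from stepping back past the start of the typed input. A regression test that replays the two key sequences from the commit message (repeated backspace, and 'b', BS, 'i', BS, 'n', BS, 'd', enter) would keep this from coming back.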



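The two symptoms in the commit message, reproduced in a simplified model that is added here as an example and is not libedit code or part of the commit. The names `read_cmd` and `struct result`, the cursor kept as an offset instead of a pointer, and the `len == 0` guard (the hunk shows only its body) are assumptions of the model.

```c
/* Simplified model (not libedit code): len counts bytes kept in buf, cp is the display cursor. */
#include <stdio.h>
#include <string.h>
struct result {
    int  len;        /* bytes accepted into buf, or -1 if the prompt was aborted */
    long min_cursor; /* lowest cursor offset reached; below 0 means underrun */
    char buf[64];
};
/* keys: constructed keystroke sequence; fixed != 0 applies the patch's len--.
 * The cursor is an offset, so the model never touches memory outside buf. */
static struct result read_cmd(const char *keys, int fixed)
{
    struct result r = { 0, 0, "" };
    long cp = 2;                      /* cursor starts after the ": " prompt */
    r.min_cursor = cp;
    for (; *keys != '\0'; keys++) {
        char ch = *keys;
        if (ch == '\b' || ch == 0x7f) {
            if (r.len == 0) {         /* assumed guard: nothing left to delete */
                r.len = -1;
                break;
            }
            if (fixed)
                r.len--;              /* the fix: count follows the cursor */
            cp--;
            if (cp < r.min_cursor)
                r.min_cursor = cp;
        } else if (ch == '\n' || ch == '\r') {
            break;
        } else if (r.len < (int)sizeof(r.buf) - 1) {
            r.buf[r.len++] = ch;
            cp++;
        }
    }
    if (r.len >= 0)
        r.buf[r.len] = '\0';
    return r;
}

int main(void)
{
    const char *bs = "x\b\b\b\b\b", *cmd = "b\bi\bn\bd\n"; /* constructed input */
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct result a = read_cmd(bs, fixed), b = read_cmd(cmd, fixed);
        printf("fixed=%d: min cursor %ld, len %d, command \"%s\"\n",
               fixed, a.min_cursor, a.len, b.buf);
    }
    return 0;
}
```

Without the decrement the count never shrinks, so the guard never fires and the cursor walks below offset 0 while the "deleted" characters stay in the returned command.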