The following reply was made to PR lib/54117; it has been noted by GNATS.
From: "Helde, Paavo" <
Paavo.Helde%PERKINELMER.COM@localhost>
To: "
gnats-bugs%netbsd.org@localhost" <
gnats-bugs%netbsd.org@localhost>,
"
christos%netbsd.org@localhost"
<
christos%netbsd.org@localhost>,
"
netbsd-bugs%netbsd.org@localhost" <
netbsd-bugs%netbsd.org@localhost>,
"
gnats-admin%netbsd.org@localhost" <
gnats-admin%netbsd.org@localhost>
Cc:
Subject: RE: [External] Re: lib/54117 (Buffer overflow in editline filename
completion)
Date: Mon, 15 Apr 2019 08:06:51 +0000
Yes, I can confirm the fix seems to cure the memory overrun issue.
PS. We are using the port
https://www.thrysoee.dk/editline/libedit-20190324= -3.1.tar.gz and we saw several issues with it, like the history subsystem n=
ot configurable and our custom ^@ binding regularly overwritten. The port i=
s some weeks old, maybe some problems are fixed already, maybe some are spe=
cific to the port and maybe some are the artefacts of our potentially inade=
quate attempts to enforce the library to behave as needed for us. In short,=
would it make it sense for me to try to report some of those issues and if=
so, in what form?
Regards
Paavo
-----Original Message-----
From:
abhinav%NetBSD.org@localhost <
abhinav%NetBSD.org@localhost>=20
Sent: Friday, April 12, 2019 6:20 PM
To:
christos%netbsd.org@localhost;
netbsd-bugs%netbsd.org@localhost;
gnats-admin%netbsd.org@localhost; ab=
hinav%NetBSD.org@localhost; Helde, Paavo <
Paavo.Helde%PERKINELMER.COM@localhost>
Subject: [External] Re: lib/54117 (Buffer overflow in editline filename com=
pletion)
Use caution when opening links or attachments.
Synopsis: Buffer overflow in editline filename completion
State-Changed-From-To: open->feedback
State-Changed-By:
abhinav%NetBSD.org@localhost State-Changed-When: Fri, 12 Apr 2019 15:19:41 +0000
State-Changed-Why:
Christos committed the fix suggested by you, could you verify it?