Re: bash-2.05b: segfault at mbutil.c:234
From: Chet Ramey
Subject: Re: bash-2.05b: segfault at mbutil.c:234
Date: Wed, 18 Sep 2002 11:10:43 -0400
> Configuration Information [Automatically generated, do not change]:
> Machine: i386
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i386'
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i386-pc-linux-gnu'
> -DCONF_VENDOR='pc' -DSHELL -DHAVE_CONFIG_H -I.
> -I/home/packages/bash/bash-2.05b -I/home/packages/bash/bash-2.05b/include
> -I/home/packages/bash/bash-2.05b/lib -g -O2
> uname output: Linux xxxxx 2.4.18 #7 SMP Mon May 27 15:33:40 CEST 2002 i686
> unknown unknown GNU/Linux
> Machine Type: i386-pc-linux-gnu
>
> Bash Version: 2.05b
> Patch Level: 0
> Release Status: release
>
> Description:
>
> NULL pointer dereference in mbutil.c causes segfault
Try this patch, and let me know how it goes:
*** ../bash-2.05b/lib/readline/mbutil.c Tue Jun 4 11:54:29 2002
--- lib/readline/mbutil.c Mon Aug 5 11:20:39 2002
***************
*** 206,210 ****
{
/* shorted to compose multibyte char */
! memset (ps, 0, sizeof(mbstate_t));
return -2;
}
--- 206,211 ----
{
/* shorted to compose multibyte char */
! if (ps)
! memset (ps, 0, sizeof(mbstate_t));
return -2;
}
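Review bot: the `if (ps)` guard at 206-211 makes a NULL `ps` a supported input, but nothing in the hunk documents that; the only comment is still `/* shorted to compose multibyte char */`. A one-line comment at the guard, or in the function header, stating that callers may pass a NULL state pointer would keep a later edit from dropping the check. It is also worth confirming that `ps` is not dereferenced earlier in this function before the guard is reached, since that code is not visible in this context.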
***************
*** 213,217 ****
/* invalid to compose multibyte char */
/* initialize the conversion state */
! memset (ps, 0, sizeof(mbstate_t));
return -1;
}
--- 214,219 ----
/* invalid to compose multibyte char */
/* initialize the conversion state */
! if (ps)
! memset (ps, 0, sizeof(mbstate_t));
return -1;
}
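Review bot: the comment `/* initialize the conversion state */` at 214-219 is no longer accurate when `ps` is NULL, because the `memset` is then skipped and nothing is initialized. Reword it to say the state is reset only when the caller supplied one. This is one of three identical `if (ps)` plus `memset` sites in the patch, so a small helper or macro would keep them consistent.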
***************
*** 226,232 ****
int
_rl_compare_chars (buf1, pos1, ps1, buf2, pos2, ps2)
! char *buf1, *buf2;
! mbstate_t *ps1, *ps2;
! int pos1, pos2;
{
int i, w1, w2;
--- 228,237 ----
int
_rl_compare_chars (buf1, pos1, ps1, buf2, pos2, ps2)
! char *buf1;
! int pos1;
! mbstate_t *ps1;
! char *buf2;
! int pos2;
! mbstate_t *ps2;
{
int i, w1, w2;
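Review bot: the reordering of the K&R parameter declarations for `_rl_compare_chars` at 228-237 is a style-only change bundled into a crash fix; it would be easier to review and to backport as a separate change. `ps1` and `ps2` are `mbstate_t *` like the `ps` guarded in the other hunks, and this hunk adds no NULL check for them, so confirm that callers never pass NULL here or add the same guard where they are used.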
***************
*** 277,282 ****
/* clear the state of the byte sequence, because
in this case effect of mbstate is undefined */
! memset (ps, 0, sizeof (mbstate_t));
}
else
pos += tmp;
--- 282,290 ----
/* clear the state of the byte sequence, because
in this case effect of mbstate is undefined */
! if (ps)
! memset (ps, 0, sizeof (mbstate_t));
}
+ else if (tmp == 0)
+ pos++;
else
pos += tmp;
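Review bot: the added `else if (tmp == 0) pos++;` at 282-290 is a second behavior change beyond the NULL guard and carries no comment. In the old code a `tmp` of 0 fell through to `pos += tmp`, which left `pos` unchanged; a short comment saying why a zero result must still advance by one byte would document the intent. The report above only describes the NULL dereference, so this fix should get its own line in the change log.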
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
Chet Ramey, ITS, CWRU chet@po.CWRU.Edu http://cnswww.cns.cwru.edu/~chet/