[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Buffer underflow in help builtin with narrow window
From: |
Chris Hall |
Subject: |
Buffer underflow in help builtin with narrow window |
Date: |
1 Oct 2009 15:38:55 -0000 |
Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: i686-pc-linux-gnu-gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I. -I./include -I./lib
-DDEFAULT_PATH_VALUE='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-DSTANDARD_UTILS_PATH='/bin:/usr/bin:/sbin:/usr/sbin'
-DSYS_BASHRC='/etc/bash/bashrc' -DSYS_BASH_LOGOUT='/etc/bash/bash_logout'
-DNON_INTERACTIVE_LOGIN_SHELLS -DSSH_SOURCE_BASHRC -O3 -march=core2
-fomit-frame-pointer -pipe
uname output: Linux koko 2.6.27-gentoo-r8 #1 SMP Wed Mar 18 21:02:33 GMT 2009
i686 Intel(R) Celeron(R) CPU E1200 @ 1.60GHz GenuineIntel GNU/Linux
Machine Type: i686-pc-linux-gnu
Bash Version: 4.0
Patch Level: 28
Release Status: release
Description:
When 1 <= $COLUMNS <= 5 the "help" builtin writes to an invalid bit of
memory.
Repeat-By:
COLUMNS=5 help
Fix:
In builtins/help.def in show_builtin_command_help(), a $COLUMNS
value that's <=0 is treated as being 80, but other values are used
directly. But values under 6 are unsafe, as ($COLUMNS/2)-3 is
used as in index to the local blurb[] array.
One fix would thus be to change
if (width <= 0)
width = 80;
to
if (width <= 5)
width = 80;
That said, even slightly bigger widths don't yield very helpful
output. "COLUMNS=10 help", for example, is all but useless in
practice -- so perhaps a larger threshold should be used.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Buffer underflow in help builtin with narrow window,
Chris Hall <=