bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer underflow in help builtin with narrow window


From: Chris Hall
Subject: Buffer underflow in help builtin with narrow window
Date: 1 Oct 2009 15:38:55 -0000

Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: i686-pc-linux-gnu-gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' 
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL 
-DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib  
-DDEFAULT_PATH_VALUE='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
 -DSTANDARD_UTILS_PATH='/bin:/usr/bin:/sbin:/usr/sbin' 
-DSYS_BASHRC='/etc/bash/bashrc' -DSYS_BASH_LOGOUT='/etc/bash/bash_logout' 
-DNON_INTERACTIVE_LOGIN_SHELLS -DSSH_SOURCE_BASHRC -O3 -march=core2 
-fomit-frame-pointer -pipe
uname output: Linux koko 2.6.27-gentoo-r8 #1 SMP Wed Mar 18 21:02:33 GMT 2009 
i686 Intel(R) Celeron(R) CPU E1200 @ 1.60GHz GenuineIntel GNU/Linux
Machine Type: i686-pc-linux-gnu

Bash Version: 4.0
Patch Level: 28
Release Status: release

Description:
    When 1 <= $COLUMNS <= 5 the "help" builtin writes to an invalid bit of 
memory.

Repeat-By:
    COLUMNS=5 help

Fix:
    In builtins/help.def in show_builtin_command_help(), a $COLUMNS
    value that's <=0 is treated as being 80, but other values are used
    directly.  But values under 6 are unsafe, as ($COLUMNS/2)-3 is
    used as in index to the local blurb[] array.

    One fix would thus be to change

      if (width <= 0)
        width = 80;

    to

      if (width <= 5)
        width = 80;

    That said, even slightly bigger widths don't yield very helpful
    output.  "COLUMNS=10 help", for example, is all but useless in
    practice -- so perhaps a larger threshold should be used.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]