bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

address XXX comment at lines 987-990 in bashfile.c


From: Bill Parker
Subject: address XXX comment at lines 987-990 in bashfile.c
Date: Thu, 9 Jul 2015 13:53:52 -0700

Hello All,

   In reviewing the code at line 990 in bashfile.c, while the
issue of rl_line_buffer[0] = '\0', would it not be better to
use memset(rl_line_buffer, '\0', sizeof(rl_line_buffer)) to
clobber the entire line more effectively?  The patch file
below addresses this issue:

--- bashline.c.orig     2015-07-08 14:43:45.000000000 -0700
+++ bashline.c  2015-07-08 14:45:08.000000000 -0700
@@ -987,7 +987,7 @@
   /* Now erase the contents of the current line and undo the effects of the
      rl_accept_line() above.  We don't even want to make the text we just
      executed available for undoing. */
-  rl_line_buffer[0] = '\0';    /* XXX */
+  memset(rl_line_buffer, '\0', sizeof(rl_line_buffer));        /* clobber the entire buffer */
   rl_point = rl_end = 0;
   rl_done = 0;
   rl_readline_state = rrs;
 

=======================================================================

Here is a test program which shows that the buffer does not get
clobbered in the case of 'rl_line_buffer[0]' is set to '\0':

#include <stdio.h>
#include <string.h>

int main(void)
{

    char buffer[27];

    printf("please enter a line of text ->");
    fgets(buffer, sizeof(buffer), stdin);
    printf("\n");
    printf("The line entered is: %s\n", buffer);

    buffer[0] = '\0';   /* does this clobber the buffer */

    printf("\nvalue of buffer[0] is: %c\n", buffer[0]);
    printf("value of buffer[11] is: %c\n", buffer[11]);

    memset(buffer, '\0', sizeof(buffer));
    printf("\nafter call to memset\n\n");

    printf("value of buffer[0] is: %c\n", buffer[0]);
    printf("value of buffer[11] is: %c\n", buffer[11]);

    return 0;
}

Here is the output:

address@hidden ~]$ gcc -O2 testline.c 
address@hidden ~]$ ./a.out
please enter a line of text ->abcdeFGHIJklmnoPQRSTuvwXyZ

The line entered is: abcdeFGHIJklmnoPQRSTuvwXyZ

value of buffer[0] is: 
value of buffer[11] is: l

after call to memset

value of buffer[0] is: 
value of buffer[11] is: 

As you can see, setting buffer[0] to '\0' doesn't exactly
clobber the remaining data in buffer, but after calling
memset(), all of the data is clobbered.

Comments, Questions, Suggestions, Complaints? :)
 
I am attaching the patch file to this bug report.
 
Bill Parker (wp02855 at gmail dot com)

Attachment: bashline.c.patch
Description: Binary data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]