bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl


From: Chet Ramey
Subject: Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq
Date: Tue, 2 May 2017 11:18:15 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.0.1

On 5/2/17 10:22 AM, Eduardo Bustamante wrote:

The valgrind issue might be related to the false positive issue from a
couple of weeks ago, but it really doesn't matter. The bash malloc
severely confuses valgrind.

> I think this is the fix:
> 
> address@hidden:~/src/gnu/bash$ git diff
> diff --git a/lib/readline/bind.c b/lib/readline/bind.c
> index 117f3427..e02750d6 100644
> --- a/lib/readline/bind.c
> +++ b/lib/readline/bind.c
> @@ -440,8 +440,10 @@ rl_translate_keyseq (const char *seq, char
> *array, int *len)
>         {
>           c = seq[++i];
> 
> -         if (c == 0)
> +         if (c == 0) {
> +           l++;
>             break;
> +         }
> 
>           /* Handle \C- and \M- prefixes. */
>           if ((c == 'C' || c == 'M') && seq[i + 1] == '-')
> 

This is on the right track, but still drops a trailing backslash. A
backslash ending the string should be preserved. That solves the
existing leak issue, avoids the problem with odd numbers of backslashes,
and is more consistent.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]