bug-bash

Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl


From: Chet Ramey
Subject: Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq
Date: Tue, 2 May 2017 11:18:15 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.0.1

On 5/2/17 10:22 AM, Eduardo Bustamante wrote:

The valgrind issue might be related to the false positive issue from a
couple of weeks ago, but it really doesn't matter. The bash malloc
severely confuses valgrind.

> I think this is the fix:
> 
> dualbus@debian:~/src/gnu/bash$ git diff
> diff --git a/lib/readline/bind.c b/lib/readline/bind.c
> index 117f3427..e02750d6 100644
> --- a/lib/readline/bind.c
> +++ b/lib/readline/bind.c
> @@ -440,8 +440,10 @@ rl_translate_keyseq (const char *seq, char
> *array, int *len)
>         {
>           c = seq[++i];
> 
> -         if (c == 0)
> +         if (c == 0) {
> +           l++;
>             break;
> +         }
> 
>           /* Handle \C- and \M- prefixes. */
>           if ((c == 'C' || c == 'M') && seq[i + 1] == '-')
> 
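Review bot: In the new `c == 0` branch, `l++` advances the count without any visible store into `array`, so the extra slot is counted but the trailing backslash itself is never written there. Assuming `l` is the write index into `array`, store the byte in the same step, for example `array[l++] = '\\';` before the `break`, so the length and the buffer contents stay in agreement. As a style point, the opening brace on the `if` line differs from the brace-on-its-own-line layout in the surrounding context.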

This is on the right track, but still drops a trailing backslash. A
backslash ending the string should be preserved. That solves the
existing leak issue, avoids the problem with odd numbers of backslashes,
and is more consistent.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/


