bug-bash

Re: AddressSanitizer: heap-buffer-overflow _rl_find_prev_mbchar_internal


From: Chet Ramey
Subject: Re: AddressSanitizer: heap-buffer-overflow _rl_find_prev_mbchar_internal / expand_prompt
Date: Wed, 14 Jun 2017 12:06:24 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

On 6/14/17 11:19 AM, Eduardo Bustamante wrote:
> On Tue, Jun 13, 2017 at 04:30:23PM -0400, Chet Ramey wrote:
> [...]
>> I can't reproduce it with asan or without on Mac OS X. I'll look around
>> for a Linux system with asan to run it on.
> 
> All these inputs seem to trigger the same problem. You'll find the
> stacktrace as reported by ASAN first, and then the corresponding input
> base64 encoded.

OK. I finally got it on a Fedora 25 VM. It's an easy fix:

*** display.c   2017-06-09 17:03:59.000000000 -0400
--- /Users/chet/display.c       2017-06-14 12:02:37.000000000 -0400
***************
*** 467,472 ****
--- 467,473 ----
              if (physchars > bound)            /* should rarely happen */
                {
  #if defined (HANDLE_MULTIBYTE)
+                 *r = '\0';    /* need null-termination for strlen */
                  if (mb_cur_max > 1 && rl_byte_oriented == 0)
                    new = _rl_find_prev_mbchar (ret, r - ret, MB_FIND_ANY);
                  else
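
Review bot: the `*r = '\0';` store added ahead of the `mb_cur_max > 1` test writes one byte at `r`, and nothing in the visible context shows that `r` is still inside the allocation behind `ret` when this branch is entered on `physchars > bound`. It would be worth confirming that the buffer is always sized with room for a terminator at any position `r` can reach here. The comment could also say which call needs the terminator (judging by the subject line, the `_rl_find_prev_mbchar (ret, r - ret, MB_FIND_ANY)` call that follows), so the store is not later dropped as redundant.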


-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/


