[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
asan report in spname
From: |
Grisha Levit |
Subject: |
asan report in spname |
Date: |
Tue, 7 Mar 2023 12:12:00 -0500 |
happens when attempting spell-correct-word on an empty line
./bash --norc -in <<<$'\030s'
ERROR: AddressSanitizer: heap-buffer-overflow on address
0x000102e0d0d1 at pc 0x0001004ccf64 bp 0x00016fdf0e30 sp
0x00016fdf0e28
READ of size 1 at 0x000102e0d0d1 thread T0
frame #5: 0x00000001004ccf64 bash`spname(oldname="", newname="")
at spell.c:78:8
frame #6: 0x00000001004cde0c bash`dirspell(dirname="") at spell.c:195:11
frame #7: 0x0000000100335a10
bash`bash_spell_correct_shellword(count=1, key=115) at
bashline.c:1348:16
frame #8: 0x00000001004fe830 bash`_rl_dispatch_subseq(key=115,
map=0x00000001007e0360, got_subseq=0) at readline.c:922:8
frame #9: 0x00000001005009dc bash`_rl_dispatch_subseq(key=24,
map=0x00000001007ddb20, got_subseq=0) at readline.c:1068:8
frame #10: 0x00000001004fc434 bash`_rl_dispatch(key=24,
map=0x00000001007ddb20) at readline.c:866:10
(lldb) fr s 5
frame #5: 0x00000001004ccf64 bash`spname(oldname="", newname="") at spell.c:78:8
75 if (*op == '\0') /* Exact or corrected */
76 {
77 /* `.' is rarely the right thing. */
-> 78 if (oldname[1] == '\0' && newname[1] == '\0' &&
79 oldname[0] != '.' && newname[0] == '.')
80 return -1;
81 return strcmp(oldname, newname) != 0;
(lldb) fr v oldname
(char *) oldname = 0x0000000102e0d0d0 ""
- asan report in spname,
Grisha Levit <=