bug-bash

Re: bash-2.05b: segfault at mbutil.c:234


From: Chet Ramey
Subject: Re: bash-2.05b: segfault at mbutil.c:234
Date: Wed, 18 Sep 2002 11:10:43 -0400

> Configuration Information [Automatically generated, do not change]:
> Machine: i386
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i386' 
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i386-pc-linux-gnu' 
> -DCONF_VENDOR='pc' -DSHELL -DHAVE_CONFIG_H  -I.  
> -I/home/packages/bash/bash-2.05b -I/home/packages/bash/bash-2.05b/include 
> -I/home/packages/bash/bash-2.05b/lib  -g -O2
> uname output: Linux xxxxx 2.4.18 #7 SMP Mon May 27 15:33:40 CEST 2002 i686 
> unknown unknown GNU/Linux
> Machine Type: i386-pc-linux-gnu
> 
> Bash Version: 2.05b
> Patch Level: 0
> Release Status: release
> 
> Description:
> 
>       NULL pointer dereference in mbutil.c causes segfault

Try this patch, and let me know how it goes:

*** ../bash-2.05b/lib/readline/mbutil.c Tue Jun  4 11:54:29 2002
--- lib/readline/mbutil.c       Mon Aug  5 11:20:39 2002
***************
*** 206,210 ****
      {
        /* shorted to compose multibyte char */
!       memset (ps, 0, sizeof(mbstate_t));
        return -2;
      }
--- 206,211 ----
      {
        /* shorted to compose multibyte char */
!       if (ps)
!       memset (ps, 0, sizeof(mbstate_t));
        return -2;
      }
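
Review bot: In the new 206,211 side the `memset (ps, 0, sizeof(mbstate_t));` line sits at the same indentation as the `if (ps)` that guards it, so it reads as if it were unconditional. Indent it one level under the `if`, or brace it, so that a statement added later next to the memset does not silently land outside the guard. If the indentation was only lost in the mail, check that the tree copy is indented.
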
***************
*** 213,217 ****
        /* invalid to compose multibyte char */
        /* initialize the conversion state */
!       memset (ps, 0, sizeof(mbstate_t));
        return -1;
      }
--- 214,219 ----
        /* invalid to compose multibyte char */
        /* initialize the conversion state */
!       if (ps)
!       memset (ps, 0, sizeof(mbstate_t));
        return -1;
      }
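
Review bot: The comment `/* initialize the conversion state */` above the guarded memset is no longer accurate when `ps` is NULL, because the -1 path now returns without resetting anything. Extend the comment to say that `ps` may be NULL and that no state is cleared in that case, so callers that pass NULL know they cannot rely on a reset after an invalid sequence. The indentation of the memset under `if (ps)` has the same readability problem as in the previous hunk.
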
***************
*** 226,232 ****
  int
  _rl_compare_chars (buf1, pos1, ps1, buf2, pos2, ps2)
!      char *buf1, *buf2;
!      mbstate_t *ps1, *ps2;
!      int pos1, pos2;
  {
    int i, w1, w2;
--- 228,237 ----
  int
  _rl_compare_chars (buf1, pos1, ps1, buf2, pos2, ps2)
!      char *buf1;
!      int pos1;
!      mbstate_t *ps1;
!      char *buf2;
!      int pos2;
!      mbstate_t *ps2;
  {
    int i, w1, w2;
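
Review bot: The reordered parameter declarations for `_rl_compare_chars` are a cosmetic change (same names and types, now listed in argument order) and are unrelated to the NULL dereference this patch fixes; consider splitting them into a separate change so the crash fix stays minimal. Since the other hunks now tolerate a null `mbstate_t *`, it would also help to document here whether `ps1` and `ps2` may be NULL; the function body is outside this hunk, so that cannot be judged from the lines shown.
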
***************
*** 277,282 ****
          /* clear the state of the byte sequence, because
             in this case effect of mbstate is undefined  */
!         memset (ps, 0, sizeof (mbstate_t));
        }
        else
        pos += tmp;
--- 282,290 ----
          /* clear the state of the byte sequence, because
             in this case effect of mbstate is undefined  */
!         if (ps)
!           memset (ps, 0, sizeof (mbstate_t));
        }
+       else if (tmp == 0)
+       pos++;
        else
        pos += tmp;
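
Review bot: The added `else if (tmp == 0)` branch with `pos++` has no comment and is a second behavioural change bundled with the `if (ps)` guard in the same hunk. With the old code, `pos += tmp` left `pos` unchanged whenever `tmp` was 0, so a one-line comment stating that a zero return is treated as a one-byte step would record why the branch exists. Please also confirm that the enclosing loop's bound, which is outside this hunk, stops `pos` from being advanced past the end of the string once this branch is taken.
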

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )

Chet Ramey, ITS, CWRU    chet@po.CWRU.Edu    http://cnswww.cns.cwru.edu/~chet/



