segfault when editing non-us characters


From: jimmy
Subject: segfault when editing non-us characters
Date: 3 Jan 2003 07:51:00 -0000

Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' 
-DCONF_VENDOR='pc' -DSHELL -DHAVE_CONFIG_H  -I.  -I. -I./include -I./lib  -g -O2
uname output: Linux ns 2.2.22 #1 Wed Nov 6 12:23:08 EET 2002 i686 unknown
Machine Type: i686-pc-linux-gnu

Bash Version: 2.05b
Patch Level: 0
Release Status: release

Description:

Program received signal SIGSEGV, Segmentation fault.
#0  _rl_get_char_len (src=0x80e7f36 "çà", ps=0x0) at mbutil.c:215
#1  0x080b6c86 in _rl_compare_chars (buf1=0x80e7f36 "çà", pos1=-1,
    ps1=0xffffffff, buf2=0x80ec4b5 "çà", pos2=-1, ps2=0xffffffff)
    at mbutil.c:234
#2  0x080ad73e in update_line (old=0x80e7f28 "bash-2.05b# áîçà",
    new=0x80ec4a8 "bash-2.05b# áçà", current_line=0, omax=16, nmax=15,
    inv_botlin=0) at display.c:1210

The sequence of events:
#2 update_line() calls _rl_compare_chars() with ps1 == ps2 == 0.
#1 _rl_compare_chars() passes ps1 and then ps2 to _rl_get_char_len().
#0 does a memset(ps, 0, sizeof(mbstate_t)) even if ps == 0. SIGSEGV.

Repeat-By:

Type some non-us characters, position the cursor on any of them and
press a self-insert or delete-char key.

Fix:

diff -Nru3 bash-2.05b/lib/readline/mbutil.c bash/lib/readline/mbutil.c
--- bash-2.05b/lib/readline/mbutil.c    2002-06-04 18:54:29.000000000 +0300
+++ bash/lib/readline/mbutil.c  2002-12-20 20:35:16.000000000 +0200
@@ -205,14 +205,16 @@
   if (tmp == (size_t)(-2))
     {
       /* shorted to compose multibyte char */
-      memset (ps, 0, sizeof(mbstate_t));
+      if (ps)
+       memset (ps, 0, sizeof(mbstate_t));
       return -2;
     }
   else if (tmp == (size_t)(-1))
     {
       /* invalid to compose multibyte char */
       /* initialize the conversion state */
-      memset (ps, 0, sizeof(mbstate_t));
+      if (ps)
+       memset (ps, 0, sizeof(mbstate_t));
       return -1;
     }
   else if (tmp == (size_t)0)
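
Review bot: in the -1 branch the comment "initialize the conversion state" is no longer accurate once the memset sits behind `if (ps)`: with a NULL ps nothing is reset and the function simply returns -1. The same guard is repeated in the -2 branch, so a NULL ps becomes an accepted input in two places without anything in the hunk saying so. Either note next to the guards that ps may be NULL and what that means for the conversion state, or keep the contract that ps is non-NULL and fix the caller that the backtrace shows passing ps=0x0. The added memset lines are also only one column deeper than the `if (ps)` above them, while the surrounding code indents by two, which looks like a tab/space mix worth normalising to the file's style.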

Note:

This is a readline-4.3 bug and should be fixed in readline as well.

E-gards: Jimmy




