bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Infinite loop in rl_forward_word


From: Eduardo Bustamante
Subject: Re: Infinite loop in rl_forward_word
Date: Thu, 11 May 2017 07:03:44 -0500

On Tue, May 9, 2017 at 9:28 AM, Eduardo Bustamante <dualbus@gmail.com> wrote:
[...]

>From what I can tell, it seems like the problem is that `set-mark'
allows you to set a negative rl_mark, and then you can use
`exchange-point-and-mark' to place that negative rl_mark into
rl_point.

A simple way of breaking this is by typing:
<ESC><-><5><ESC><SPC><l><s><\C-x><\C-x><SPC><-l> inside bash, and then
continue typing into readline. Or in other words, call set-mark with
-5, then type stuff, then call exchange-point-and-mark, then type more
stuff.

I think that the fix is:

dualbus@debian:~/src/gnu/bash$ git diff -- lib/readline/text.c
diff --git a/lib/readline/text.c b/lib/readline/text.c
index 095c0ef3..115de093 100644
--- a/lib/readline/text.c
+++ b/lib/readline/text.c
@@ -1699,7 +1699,7 @@ rl_backward_char_search (int count, int key)
 int
 _rl_set_mark_at_pos (int position)
 {
-  if (position > rl_end)
+  if (position > rl_end || position < 0)
     return 1;

   rl_mark = position;
@@ -1720,7 +1720,7 @@ rl_exchange_point_and_mark (int count, int key)
   if (rl_mark > rl_end)
     rl_mark = -1;

-  if (rl_mark == -1)
+  if (rl_mark < 0)
     {
       rl_ding ();
       return 1;



reply via email to

[Prev in Thread] Current Thread [Next in Thread]