bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AddressSanitizer: heap-use-after-free on (...) in rl_do_undo ../../.


From: Chet Ramey
Subject: Re: AddressSanitizer: heap-use-after-free on (...) in rl_do_undo ../../../bash-devel/lib/readline/undo.c:188
Date: Tue, 12 Feb 2019 16:20:03 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0

On 2/6/19 12:14 PM, Eduardo A. Bustamante López wrote:
> I found another issue in rl_do_undo, but I haven't been successful in 
> figuring out how it happens.

The command string calls execute-last-kbd-macro as part of a macro
definition. The internal abort turns off the defining-macro state without
completely cleaning up the in-progress macro definition, which leads to
an attempt to execute the ill-formed macro recursively. This leads to
memory corruption.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]