bug-bash

heap-use-after-free in rl_do_undo


From: Grisha Levit
Subject: heap-use-after-free in rl_do_undo
Date: Tue, 25 Apr 2023 19:49:00 -0400

This segfaults in a non-ASAN build:

HISTFILE= INPUTRC=<(echo '"F": history-substring-search-forward') \
    bash --norc -in <<<$'.\n..\n\cP\cT\cPF\cN\cN.\cPF\c_'

ERROR: AddressSanitizer: heap-use-after-free on address 0x0001060082a8
READ of size 4 at 0x0001060082a8 thread T0
    #0 0x1027627b8 in rl_do_undo undo.c:188
    #1 0x102764b38 in rl_undo_command undo.c:358
    #2 0x102661904 in _rl_dispatch_subseq readline.c:922

0x0001060082a8 is located 24 bytes inside of 32-byte region
[0x000106008290,0x0001060082b0)
freed by thread T0 here:
    #0 0x102f6afa4 in wrap_free+0x98
    #1 0x1024c8648 in xfree xmalloc.c:140
    #2 0x102761834 in _rl_free_undo_list undo.c:111
    #3 0x10278fbcc in _rl_free_saved_history_line misc.c:404
    #4 0x10269aed8 in rl_history_search_reinit search.c:637
    #5 0x10269bec0 in rl_history_substr_search_forward search.c:688
    #6 0x102661904 in _rl_dispatch_subseq readline.c:922

previously allocated by thread T0 here:
    #0 0x102f6ae68 in wrap_malloc+0x94
    #1 0x1024c84ec in xmalloc xmalloc.c:107
    #2 0x102761088 in alloc_undo_entry undo.c:75
    #3 0x102760f60 in rl_add_undo undo.c:92
    #4 0x102779198 in rl_insert_text text.c:113
    #5 0x102781710 in _rl_insert_char text.c:903
    #6 0x102782664 in rl_insert text.c:955
    #7 0x102661904 in _rl_dispatch_subseq readline.c:922
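
Added example, not part of the original message or of bash/readline: a small Python triage helper that splits the AddressSanitizer report above into its access, free and allocation stacks and checks the reported offset against the region bounds. The WRAPPERS set (which frames are treated as allocator shims) and the function name triage are assumptions made for this example.

```python
import re

# Trace copied from the report above (deeper frames trimmed); used as sample input.
REPORT = """\
ERROR: AddressSanitizer: heap-use-after-free on address 0x0001060082a8
READ of size 4 at 0x0001060082a8 thread T0
    #0 0x1027627b8 in rl_do_undo undo.c:188

0x0001060082a8 is located 24 bytes inside of 32-byte region
[0x000106008290,0x0001060082b0)
freed by thread T0 here:
    #0 0x102f6afa4 in wrap_free+0x98
    #1 0x1024c8648 in xfree xmalloc.c:140
    #2 0x102761834 in _rl_free_undo_list undo.c:111
    #3 0x10278fbcc in _rl_free_saved_history_line misc.c:404

previously allocated by thread T0 here:
    #0 0x102f6ae68 in wrap_malloc+0x94
    #1 0x1024c84ec in xmalloc xmalloc.c:107
    #2 0x102761088 in alloc_undo_entry undo.c:75
    #3 0x102760f60 in rl_add_undo undo.c:92
"""

FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+?)(?:\+0x[0-9a-f]+)?(?: (\S+:\d+))?$")
WRAPPERS = {"wrap_free", "wrap_malloc", "xfree", "xmalloc"}  # assumed allocator shims

def triage(report):
    """Split an ASan use-after-free report into stacks; find first non-shim frames."""
    out, section = {"access": [], "free": [], "alloc": []}, None
    for line in report.splitlines():
        line = line.strip()
        if m := re.match(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", line):
            out["op"], out["size"], out["addr"] = m[1], int(m[2]), int(m[3], 16)
            section = "access"
        elif line.startswith("freed by"):
            section = "free"
        elif line.startswith("previously allocated by"):
            section = "alloc"
        elif m := re.match(r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", line):
            out["region"] = (int(m[1], 16), int(m[2], 16))
        elif section and (m := FRAME.match(line)):
            out[section].append((m[1], m[2]))  # (function, file:line or None)
    lo, hi = out["region"]
    out["offset"] = out["addr"] - lo  # where in the freed chunk the access lands
    out["in_bounds"] = out["offset"] + out["size"] <= hi - lo
    for k in ("access", "free", "alloc"):
        out[k + "_site"] = next(f for f in out[k] if f[0] not in WRAPPERS)
    return out
```

On this trace the helper reports a 4-byte read in rl_do_undo landing 24 bytes into a 32-byte region obtained through alloc_undo_entry and already released through _rl_free_undo_list.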


