./lib/lineread/mbutil.c bug(?)
From: mindfuq
Subject: ./lib/lineread/mbutil.c bug(?)
Date: Sat, 3 May 2003 15:47:17 -0400
User-agent: Mutt/1.2.5.1i
Hello.
I believe there is a bug in lib/readline/mbutil.c lines 208 and 215,
208: memset (ps, 0, sizeof(mbstate_t));
215: memset (ps, 0, sizeof(mbstate_t));
I'm not sure how to explain this bug in a detailed manner; however, here are
a few ways I managed to reproduce it:
(arg: 999) <some obscure char, eg 0xf8> ALT+1
or
some combinations of those same characters, e.g. 0xf8, in history, and
then scroll back through history until that line occurs.
Both of these will make bash freeze and crash; gdb tells me:
Program received signal SIGSEGV, Segmentation fault.
0x080bd3b6 in _rl_get_char_len ()
This has all been tested on "GNU bash, version 2.05b.0(1)-release" on an
x86 platform, in a normal console (no XFree/xterm etc).
The following patch fixed these problems:
--- ./lib/readline/mbutil.c
+++ ./lib/readline/mbutil.c
@@ -205,14 +205,14 @@
if (tmp == (size_t)(-2))
{
/* shorted to compose multibyte char */
- memset (ps, 0, sizeof(mbstate_t));
+ memset (&ps, 0, sizeof(mbstate_t));
return -2;
}
else if (tmp == (size_t)(-1))
{
/* invalid to compose multibyte char */
/* initialize the conversion state */
- memset (ps, 0, sizeof(mbstate_t));
+ memset (&ps, 0, sizeof(mbstate_t));
return -1;
}
else if (tmp == (size_t)0)
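Review bot: Both replaced calls, memset (&ps, 0, sizeof(mbstate_t)) in the (size_t)(-2) and (size_t)(-1) branches, now clear the storage of the variable ps itself instead of the mbstate_t it refers to. The declaration of ps is outside this hunk, but the original memset (ps, ...) calls imply it is an mbstate_t pointer; in that case the new calls leave the conversion state unreset and, wherever sizeof(mbstate_t) is larger than a pointer, write past ps into adjacent memory. A crash at the original lines is consistent with ps being NULL or otherwise invalid on these paths, so a guard such as if (ps) memset (ps, 0, sizeof(mbstate_t)); in both branches, or tracing why the caller passes a bad ps, would address that without the stray write.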
--
Tom R. Flo