Re: use-after-free in rl_display_match

bug-readline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: use-after-free in rl_display_match_list

From:	Chet Ramey
Subject:	Re: use-after-free in rl_display_match_list
Date:	Wed, 22 Mar 2023 11:50:07 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.9.0

On 3/20/23 4:39 PM, Grisha Levit wrote:

On Mon, Mar 20, 2023 at 12:55 PM Grisha Levit <grishalevit@gmail.com> wrote:


A SIGINT received during get_y_or_n in display_matches can leave
rl_display_match_list working with an already-freed matches array.


Actually, the same thing can happen during calls to _rl_internal_pager
within rl_display_match_list.


Thanks for the report. It's the unusual application that receives a SIGINT
and doesn't at least jump back to the top level.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

use-after-free in rl_display_match_list, Grisha Levit, 2023/03/20
- Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/20
  - Re: use-after-free in rl_display_match_list, Chet Ramey <=
    - Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/22
    - Re: use-after-free in rl_display_match_list, Chet Ramey, 2023/03/22
    - Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/22

Prev by Date: Re: asan report in _rl_free_undo_list
Next by Date: Re: use-after-free in rl_display_match_list
Previous by thread: Re: use-after-free in rl_display_match_list
Next by thread: Re: use-after-free in rl_display_match_list
Index(es):
- Date
- Thread