lib/53597: libedit segfault at character decoding error in history_load function

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/53597: libedit segfault at character decoding error in history_load function
From: horimoto%clear-code.com@localhost
Date: Wed, 12 Sep 2018 09:05:00 +0000 (UTC)

>Number:         53597
>Category:       lib
>Synopsis:       libedit segfault at character decoding error in history_load function
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 12 09:05:00 +0000 2018
>Originator:     Yasuhiro Horimoto
>Release:        NetBSD: history.c,v 1.59 2017/12/23 18:25:03
>Organization:
>Environment:
Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux
>Description:
When load a history file containing a broken encoding character, libedit is crash.
>How-To-Repeat:
1. We make a file in below a way.

ruby -e 'puts("_HiStOrY_V2_"); puts("\xff")' > ~/.history-file

2. We load the file above.

>Fix:
--- history.c	2018-05-26 03:09:38.000000000 +0900
+++ history.c	2018-09-11 17:20:21.414631546 +0900
@@ -810,6 +810,8 @@
 			ptr = nptr;
 		}
 		(void) strunvis(ptr, line);
+                if (ct_decode_string(ptr, &conv) == NULL)
+                  continue;
 		if (HENTER(h, &ev, ct_decode_string(ptr, &conv)) == -1) {
 			i = -1;
 			goto oomem;

Prev by Date: Re: kern/53595 (getitimer() returns strange value)
Next by Date: Re: kern/53590: DTrace fbt_getargdesc() fails with "Unknown function"
Previous by Thread: Re: kern/53595 (getitimer() returns strange value)
Next by Thread: Re: lib/53597
Indexes:

Home | Main Index | Thread Index | Old Index