Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libedit PR/54399: Sören Tempel: Uninitialized memory acc...
details: https://anonhg.NetBSD.org/src/rev/2692af305100
branches: trunk
changeset: 1000347:2692af305100
user: christos <christos%NetBSD.org@localhost>
date: Tue Jul 23 10:18:52 2019 +0000
description:
PR/54399: Sören Tempel: Uninitialized memory access in libedit history.
Initialize the buffer using calloc. While here change all malloc(a * sizeof(b))
to calloc(a, sizeof(b)). XXX: should fix realloc similarly.
diffstat:
lib/libedit/chared.c | 18 ++++++------------
lib/libedit/chartype.c | 6 +++---
lib/libedit/el.c | 10 ++++------
lib/libedit/el.h | 3 ++-
lib/libedit/filecomplete.c | 14 +++++++-------
lib/libedit/hist.c | 6 +++---
lib/libedit/keymacro.c | 6 +++---
lib/libedit/literal.c | 10 +++++-----
lib/libedit/map.c | 12 ++++++------
lib/libedit/parse.c | 6 +++---
lib/libedit/read.c | 7 +++----
lib/libedit/readline.c | 20 ++++++++++----------
lib/libedit/search.c | 6 +++---
lib/libedit/terminal.c | 22 +++++++++-------------
lib/libedit/vi.c | 8 ++++----
15 files changed, 71 insertions(+), 83 deletions(-)
diffs (truncated from 612 to 300 lines):
diff -r 3787e7037adb -r 2692af305100 lib/libedit/chared.c
--- a/lib/libedit/chared.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/chared.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: chared.c,v 1.58 2019/07/23 09:47:16 christos Exp $ */
+/* $NetBSD: chared.c,v 1.59 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)chared.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: chared.c,v 1.58 2019/07/23 09:47:16 christos Exp $");
+__RCSID("$NetBSD: chared.c,v 1.59 2019/07/23 10:18:52 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -396,26 +396,22 @@
libedit_private int
ch_init(EditLine *el)
{
- el->el_line.buffer = el_malloc(EL_BUFSIZ *
+ el->el_line.buffer = el_calloc(EL_BUFSIZ,
sizeof(*el->el_line.buffer));
if (el->el_line.buffer == NULL)
return -1;
- (void) memset(el->el_line.buffer, 0, EL_BUFSIZ *
- sizeof(*el->el_line.buffer));
el->el_line.cursor = el->el_line.buffer;
el->el_line.lastchar = el->el_line.buffer;
el->el_line.limit = &el->el_line.buffer[EL_BUFSIZ - EL_LEAVE];
- el->el_chared.c_undo.buf = el_malloc(EL_BUFSIZ *
+ el->el_chared.c_undo.buf = el_calloc(EL_BUFSIZ,
sizeof(*el->el_chared.c_undo.buf));
if (el->el_chared.c_undo.buf == NULL)
return -1;
- (void) memset(el->el_chared.c_undo.buf, 0, EL_BUFSIZ *
- sizeof(*el->el_chared.c_undo.buf));
el->el_chared.c_undo.len = -1;
el->el_chared.c_undo.cursor = 0;
- el->el_chared.c_redo.buf = el_malloc(EL_BUFSIZ *
+ el->el_chared.c_redo.buf = el_calloc(EL_BUFSIZ,
sizeof(*el->el_chared.c_redo.buf));
if (el->el_chared.c_redo.buf == NULL)
return -1;
@@ -426,12 +422,10 @@
el->el_chared.c_vcmd.action = NOP;
el->el_chared.c_vcmd.pos = el->el_line.buffer;
- el->el_chared.c_kill.buf = el_malloc(EL_BUFSIZ *
+ el->el_chared.c_kill.buf = el_calloc(EL_BUFSIZ,
sizeof(*el->el_chared.c_kill.buf));
if (el->el_chared.c_kill.buf == NULL)
return -1;
- (void) memset(el->el_chared.c_kill.buf, 0, EL_BUFSIZ *
- sizeof(*el->el_chared.c_kill.buf));
el->el_chared.c_kill.mark = el->el_line.buffer;
el->el_chared.c_kill.last = el->el_chared.c_kill.buf;
el->el_chared.c_resizefun = NULL;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/chartype.c
--- a/lib/libedit/chartype.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/chartype.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: chartype.c,v 1.34 2018/11/25 16:20:28 christos Exp $ */
+/* $NetBSD: chartype.c,v 1.35 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
*/
#include "config.h"
#if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: chartype.c,v 1.34 2018/11/25 16:20:28 christos Exp $");
+__RCSID("$NetBSD: chartype.c,v 1.35 2019/07/23 10:18:52 christos Exp $");
#endif /* not lint && not SCCSID */
#include <ctype.h>
@@ -157,7 +157,7 @@
if (ct_conv_wbuff_resize(conv, bufspace + CT_BUFSIZ) == -1)
return NULL;
- wargv = el_malloc((size_t)(argc + 1) * sizeof(*wargv));
+ wargv = el_calloc((size_t)(argc + 1), sizeof(*wargv));
for (i = 0, p = conv->wbuff; i < argc; ++i) {
if (!argv[i]) { /* don't pass null pointers to mbstowcs */
diff -r 3787e7037adb -r 2692af305100 lib/libedit/el.c
--- a/lib/libedit/el.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/el.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: el.c,v 1.98 2019/04/26 16:56:57 christos Exp $ */
+/* $NetBSD: el.c,v 1.99 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)el.c 8.2 (Berkeley) 1/3/94";
#else
-__RCSID("$NetBSD: el.c,v 1.98 2019/04/26 16:56:57 christos Exp $");
+__RCSID("$NetBSD: el.c,v 1.99 2019/07/23 10:18:52 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -71,13 +71,11 @@
el_init_internal(const char *prog, FILE *fin, FILE *fout, FILE *ferr,
int fdin, int fdout, int fderr, int flags)
{
- EditLine *el = el_malloc(sizeof(*el));
+ EditLine *el = el_calloc(1, sizeof(*el));
if (el == NULL)
return NULL;
- memset(el, 0, sizeof(EditLine));
-
el->el_infile = fin;
el->el_outfile = fout;
el->el_errfile = ferr;
@@ -534,7 +532,7 @@
if ((ptr = getenv("HOME")) == NULL)
return -1;
plen += strlen(ptr);
- if ((path = el_malloc(plen * sizeof(*path))) == NULL)
+ if ((path = el_calloc(plen, sizeof(*path))) == NULL)
return -1;
(void)snprintf(path, plen, "%s%s", ptr,
elpath + (*ptr == '\0'));
diff -r 3787e7037adb -r 2692af305100 lib/libedit/el.h
--- a/lib/libedit/el.h Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/el.h Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: el.h,v 1.44 2018/11/18 17:09:39 christos Exp $ */
+/* $NetBSD: el.h,v 1.45 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -89,6 +89,7 @@
* Until we come up with something better...
*/
#define el_malloc(a) malloc(a)
+#define el_calloc(a,b) calloc(a, b)
#define el_realloc(a,b) realloc(a, b)
#define el_free(a) free(a)
diff -r 3787e7037adb -r 2692af305100 lib/libedit/filecomplete.c
--- a/lib/libedit/filecomplete.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/filecomplete.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: filecomplete.c,v 1.55 2019/04/20 08:44:10 abhinav Exp $ */
+/* $NetBSD: filecomplete.c,v 1.56 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include "config.h"
#if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: filecomplete.c,v 1.55 2019/04/20 08:44:10 abhinav Exp $");
+__RCSID("$NetBSD: filecomplete.c,v 1.56 2019/07/23 10:18:52 christos Exp $");
#endif /* not lint && not SCCSID */
#include <sys/types.h>
@@ -83,7 +83,7 @@
} else {
/* text until string after slash */
len = (size_t)(temp - txt + 1);
- temp = el_malloc(len * sizeof(*temp));
+ temp = el_calloc(len, sizeof(*temp));
if (temp == NULL)
return NULL;
(void)strncpy(temp, txt + 1, len - 2);
@@ -118,7 +118,7 @@
txt += len;
len = strlen(pass->pw_dir) + 1 + strlen(txt) + 1;
- temp = el_malloc(len * sizeof(*temp));
+ temp = el_calloc(len, sizeof(*temp));
if (temp == NULL)
return NULL;
(void)snprintf(temp, len, "%s/%s", pass->pw_dir, txt);
@@ -179,7 +179,7 @@
{
size_t i;
size_t j = 0;
- wchar_t *unescaped = el_malloc(sizeof(*string) * (length + 1));
+ wchar_t *unescaped = el_calloc(length + 1, sizeof(*string));
if (unescaped == NULL)
return NULL;
for (i = 0; i < length ; i++) {
@@ -410,7 +410,7 @@
#endif
len = strlen(dirname) + len + 1;
- temp = el_malloc(len * sizeof(*temp));
+ temp = el_calloc(len, sizeof(*temp));
if (temp == NULL)
return NULL;
(void)snprintf(temp, len, "%s%s", dirname, entry->d_name);
@@ -486,7 +486,7 @@
max_equal = i;
}
- retstr = el_malloc((max_equal + 1) * sizeof(*retstr));
+ retstr = el_calloc(max_equal + 1, sizeof(*retstr));
if (retstr == NULL) {
el_free(match_list);
return NULL;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/hist.c
--- a/lib/libedit/hist.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/hist.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: hist.c,v 1.32 2017/03/05 19:23:58 christos Exp $ */
+/* $NetBSD: hist.c,v 1.33 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)hist.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: hist.c,v 1.32 2017/03/05 19:23:58 christos Exp $");
+__RCSID("$NetBSD: hist.c,v 1.33 2019/07/23 10:18:52 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -59,7 +59,7 @@
el->el_history.fun = NULL;
el->el_history.ref = NULL;
- el->el_history.buf = el_malloc(EL_BUFSIZ * sizeof(*el->el_history.buf));
+ el->el_history.buf = el_calloc(EL_BUFSIZ, sizeof(*el->el_history.buf));
el->el_history.sz = EL_BUFSIZ;
if (el->el_history.buf == NULL)
return -1;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/keymacro.c
--- a/lib/libedit/keymacro.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/keymacro.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: keymacro.c,v 1.23 2016/05/24 15:00:45 christos Exp $ */
+/* $NetBSD: keymacro.c,v 1.24 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)key.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: keymacro.c,v 1.23 2016/05/24 15:00:45 christos Exp $");
+__RCSID("$NetBSD: keymacro.c,v 1.24 2019/07/23 10:18:52 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -105,7 +105,7 @@
keymacro_init(EditLine *el)
{
- el->el_keymacro.buf = el_malloc(KEY_BUFSIZ *
+ el->el_keymacro.buf = el_calloc(KEY_BUFSIZ,
sizeof(*el->el_keymacro.buf));
if (el->el_keymacro.buf == NULL)
return -1;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/literal.c
--- a/lib/libedit/literal.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/literal.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: literal.c,v 1.3 2017/06/30 20:26:52 kre Exp $ */
+/* $NetBSD: literal.c,v 1.4 2019/07/23 10:18:52 christos Exp $ */
/*-
* Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include "config.h"
#if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: literal.c,v 1.3 2017/06/30 20:26:52 kre Exp $");
+__RCSID("$NetBSD: literal.c,v 1.4 2019/07/23 10:18:52 christos Exp $");
#endif /* not lint && not SCCSID */
/*
@@ -97,9 +97,9 @@
if (b == NULL)
return 0;
- for (n = 0, i = 0; i < len; i++)
- n += ct_encode_char(b + n, w - n, buf[i]);
- n += ct_encode_char(b + n, w - n, end[1]);
+ for (n = 0, i = 0; i < len; i++) {
+ n += ct_encode_char(b + n, (size_t)(w - n), buf[i]);
+ n += ct_encode_char(b + n, (size_t)(w - n), end[1]);
b[n] = '\0';
/*
diff -r 3787e7037adb -r 2692af305100 lib/libedit/map.c
--- a/lib/libedit/map.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/map.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
Home |
Main Index |
Thread Index |
Old Index