Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/lib/libedit PR/54399: Sören Tempel: Uninitialized memory acc...



details:   https://anonhg.NetBSD.org/src/rev/2692af305100
branches:  trunk
changeset: 1000347:2692af305100
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Jul 23 10:18:52 2019 +0000

description:
PR/54399: Sören Tempel: Uninitialized memory access in libedit history.
Initialize the buffer using calloc. While here change all malloc(a * sizeof(b))
to calloc(a, sizeof(b)). XXX: should fix realloc similarly.

diffstat:

 lib/libedit/chared.c       |  18 ++++++------------
 lib/libedit/chartype.c     |   6 +++---
 lib/libedit/el.c           |  10 ++++------
 lib/libedit/el.h           |   3 ++-
 lib/libedit/filecomplete.c |  14 +++++++-------
 lib/libedit/hist.c         |   6 +++---
 lib/libedit/keymacro.c     |   6 +++---
 lib/libedit/literal.c      |  10 +++++-----
 lib/libedit/map.c          |  12 ++++++------
 lib/libedit/parse.c        |   6 +++---
 lib/libedit/read.c         |   7 +++----
 lib/libedit/readline.c     |  20 ++++++++++----------
 lib/libedit/search.c       |   6 +++---
 lib/libedit/terminal.c     |  22 +++++++++-------------
 lib/libedit/vi.c           |   8 ++++----
 15 files changed, 71 insertions(+), 83 deletions(-)

diffs (truncated from 612 to 300 lines):

diff -r 3787e7037adb -r 2692af305100 lib/libedit/chared.c
--- a/lib/libedit/chared.c      Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/chared.c      Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: chared.c,v 1.58 2019/07/23 09:47:16 christos Exp $     */
+/*     $NetBSD: chared.c,v 1.59 2019/07/23 10:18:52 christos Exp $     */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)chared.c   8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: chared.c,v 1.58 2019/07/23 09:47:16 christos Exp $");
+__RCSID("$NetBSD: chared.c,v 1.59 2019/07/23 10:18:52 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -396,26 +396,22 @@
 libedit_private int
 ch_init(EditLine *el)
 {
-       el->el_line.buffer              = el_malloc(EL_BUFSIZ *
+       el->el_line.buffer              = el_calloc(EL_BUFSIZ,
            sizeof(*el->el_line.buffer));
        if (el->el_line.buffer == NULL)
                return -1;
 
-       (void) memset(el->el_line.buffer, 0, EL_BUFSIZ *
-           sizeof(*el->el_line.buffer));
        el->el_line.cursor              = el->el_line.buffer;
        el->el_line.lastchar            = el->el_line.buffer;
        el->el_line.limit               = &el->el_line.buffer[EL_BUFSIZ - EL_LEAVE];
 
-       el->el_chared.c_undo.buf        = el_malloc(EL_BUFSIZ *
+       el->el_chared.c_undo.buf        = el_calloc(EL_BUFSIZ,
            sizeof(*el->el_chared.c_undo.buf));
        if (el->el_chared.c_undo.buf == NULL)
                return -1;
-       (void) memset(el->el_chared.c_undo.buf, 0, EL_BUFSIZ *
-           sizeof(*el->el_chared.c_undo.buf));
        el->el_chared.c_undo.len        = -1;
        el->el_chared.c_undo.cursor     = 0;
-       el->el_chared.c_redo.buf        = el_malloc(EL_BUFSIZ *
+       el->el_chared.c_redo.buf        = el_calloc(EL_BUFSIZ,
            sizeof(*el->el_chared.c_redo.buf));
        if (el->el_chared.c_redo.buf == NULL)
                return -1;
@@ -426,12 +422,10 @@
        el->el_chared.c_vcmd.action     = NOP;
        el->el_chared.c_vcmd.pos        = el->el_line.buffer;
 
-       el->el_chared.c_kill.buf        = el_malloc(EL_BUFSIZ *
+       el->el_chared.c_kill.buf        = el_calloc(EL_BUFSIZ,
            sizeof(*el->el_chared.c_kill.buf));
        if (el->el_chared.c_kill.buf == NULL)
                return -1;
-       (void) memset(el->el_chared.c_kill.buf, 0, EL_BUFSIZ *
-           sizeof(*el->el_chared.c_kill.buf));
        el->el_chared.c_kill.mark       = el->el_line.buffer;
        el->el_chared.c_kill.last       = el->el_chared.c_kill.buf;
        el->el_chared.c_resizefun       = NULL;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/chartype.c
--- a/lib/libedit/chartype.c    Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/chartype.c    Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: chartype.c,v 1.34 2018/11/25 16:20:28 christos Exp $   */
+/*     $NetBSD: chartype.c,v 1.35 2019/07/23 10:18:52 christos Exp $   */
 
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 #include "config.h"
 #if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: chartype.c,v 1.34 2018/11/25 16:20:28 christos Exp $");
+__RCSID("$NetBSD: chartype.c,v 1.35 2019/07/23 10:18:52 christos Exp $");
 #endif /* not lint && not SCCSID */
 
 #include <ctype.h>
@@ -157,7 +157,7 @@
                if (ct_conv_wbuff_resize(conv, bufspace + CT_BUFSIZ) == -1)
                        return NULL;
 
-       wargv = el_malloc((size_t)(argc + 1) * sizeof(*wargv));
+       wargv = el_calloc((size_t)(argc + 1), sizeof(*wargv));
 
        for (i = 0, p = conv->wbuff; i < argc; ++i) {
                if (!argv[i]) {   /* don't pass null pointers to mbstowcs */
diff -r 3787e7037adb -r 2692af305100 lib/libedit/el.c
--- a/lib/libedit/el.c  Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/el.c  Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: el.c,v 1.98 2019/04/26 16:56:57 christos Exp $ */
+/*     $NetBSD: el.c,v 1.99 2019/07/23 10:18:52 christos Exp $ */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)el.c       8.2 (Berkeley) 1/3/94";
 #else
-__RCSID("$NetBSD: el.c,v 1.98 2019/04/26 16:56:57 christos Exp $");
+__RCSID("$NetBSD: el.c,v 1.99 2019/07/23 10:18:52 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -71,13 +71,11 @@
 el_init_internal(const char *prog, FILE *fin, FILE *fout, FILE *ferr,
     int fdin, int fdout, int fderr, int flags)
 {
-       EditLine *el = el_malloc(sizeof(*el));
+       EditLine *el = el_calloc(1, sizeof(*el));
 
        if (el == NULL)
                return NULL;
 
-       memset(el, 0, sizeof(EditLine));
-
        el->el_infile = fin;
        el->el_outfile = fout;
        el->el_errfile = ferr;
@@ -534,7 +532,7 @@
                        if ((ptr = getenv("HOME")) == NULL)
                                return -1;
                        plen += strlen(ptr);
-                       if ((path = el_malloc(plen * sizeof(*path))) == NULL)
+                       if ((path = el_calloc(plen, sizeof(*path))) == NULL)
                                return -1;
                        (void)snprintf(path, plen, "%s%s", ptr,
                                elpath + (*ptr == '\0'));
diff -r 3787e7037adb -r 2692af305100 lib/libedit/el.h
--- a/lib/libedit/el.h  Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/el.h  Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: el.h,v 1.44 2018/11/18 17:09:39 christos Exp $ */
+/*     $NetBSD: el.h,v 1.45 2019/07/23 10:18:52 christos Exp $ */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -89,6 +89,7 @@
  * Until we come up with something better...
  */
 #define        el_malloc(a)    malloc(a)
+#define        el_calloc(a,b)  calloc(a, b)
 #define        el_realloc(a,b) realloc(a, b)
 #define        el_free(a)      free(a)
 
diff -r 3787e7037adb -r 2692af305100 lib/libedit/filecomplete.c
--- a/lib/libedit/filecomplete.c        Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/filecomplete.c        Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: filecomplete.c,v 1.55 2019/04/20 08:44:10 abhinav Exp $        */
+/*     $NetBSD: filecomplete.c,v 1.56 2019/07/23 10:18:52 christos Exp $       */
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include "config.h"
 #if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: filecomplete.c,v 1.55 2019/04/20 08:44:10 abhinav Exp $");
+__RCSID("$NetBSD: filecomplete.c,v 1.56 2019/07/23 10:18:52 christos Exp $");
 #endif /* not lint && not SCCSID */
 
 #include <sys/types.h>
@@ -83,7 +83,7 @@
        } else {
                /* text until string after slash */
                len = (size_t)(temp - txt + 1);
-               temp = el_malloc(len * sizeof(*temp));
+               temp = el_calloc(len, sizeof(*temp));
                if (temp == NULL)
                        return NULL;
                (void)strncpy(temp, txt + 1, len - 2);
@@ -118,7 +118,7 @@
        txt += len;
 
        len = strlen(pass->pw_dir) + 1 + strlen(txt) + 1;
-       temp = el_malloc(len * sizeof(*temp));
+       temp = el_calloc(len, sizeof(*temp));
        if (temp == NULL)
                return NULL;
        (void)snprintf(temp, len, "%s/%s", pass->pw_dir, txt);
@@ -179,7 +179,7 @@
 {
        size_t i;
        size_t j = 0;
-       wchar_t *unescaped = el_malloc(sizeof(*string) * (length + 1));
+       wchar_t *unescaped = el_calloc(length + 1, sizeof(*string));
        if (unescaped == NULL)
                return NULL;
        for (i = 0; i < length ; i++) {
@@ -410,7 +410,7 @@
 #endif
 
                len = strlen(dirname) + len + 1;
-               temp = el_malloc(len * sizeof(*temp));
+               temp = el_calloc(len, sizeof(*temp));
                if (temp == NULL)
                        return NULL;
                (void)snprintf(temp, len, "%s%s", dirname, entry->d_name);
@@ -486,7 +486,7 @@
                max_equal = i;
        }
 
-       retstr = el_malloc((max_equal + 1) * sizeof(*retstr));
+       retstr = el_calloc(max_equal + 1, sizeof(*retstr));
        if (retstr == NULL) {
                el_free(match_list);
                return NULL;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/hist.c
--- a/lib/libedit/hist.c        Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/hist.c        Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hist.c,v 1.32 2017/03/05 19:23:58 christos Exp $       */
+/*     $NetBSD: hist.c,v 1.33 2019/07/23 10:18:52 christos Exp $       */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)hist.c     8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: hist.c,v 1.32 2017/03/05 19:23:58 christos Exp $");
+__RCSID("$NetBSD: hist.c,v 1.33 2019/07/23 10:18:52 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -59,7 +59,7 @@
 
        el->el_history.fun = NULL;
        el->el_history.ref = NULL;
-       el->el_history.buf = el_malloc(EL_BUFSIZ * sizeof(*el->el_history.buf));
+       el->el_history.buf = el_calloc(EL_BUFSIZ, sizeof(*el->el_history.buf));
        el->el_history.sz  = EL_BUFSIZ;
        if (el->el_history.buf == NULL)
                return -1;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/keymacro.c
--- a/lib/libedit/keymacro.c    Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/keymacro.c    Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: keymacro.c,v 1.23 2016/05/24 15:00:45 christos Exp $   */
+/*     $NetBSD: keymacro.c,v 1.24 2019/07/23 10:18:52 christos Exp $   */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)key.c      8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: keymacro.c,v 1.23 2016/05/24 15:00:45 christos Exp $");
+__RCSID("$NetBSD: keymacro.c,v 1.24 2019/07/23 10:18:52 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -105,7 +105,7 @@
 keymacro_init(EditLine *el)
 {
 
-       el->el_keymacro.buf = el_malloc(KEY_BUFSIZ *
+       el->el_keymacro.buf = el_calloc(KEY_BUFSIZ,
            sizeof(*el->el_keymacro.buf));
        if (el->el_keymacro.buf == NULL)
                return -1;
diff -r 3787e7037adb -r 2692af305100 lib/libedit/literal.c
--- a/lib/libedit/literal.c     Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/literal.c     Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: literal.c,v 1.3 2017/06/30 20:26:52 kre Exp $  */
+/*     $NetBSD: literal.c,v 1.4 2019/07/23 10:18:52 christos Exp $     */
 
 /*-
  * Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include "config.h"
 #if !defined(lint) && !defined(SCCSID)
-__RCSID("$NetBSD: literal.c,v 1.3 2017/06/30 20:26:52 kre Exp $");
+__RCSID("$NetBSD: literal.c,v 1.4 2019/07/23 10:18:52 christos Exp $");
 #endif /* not lint && not SCCSID */
 
 /*
@@ -97,9 +97,9 @@
        if (b == NULL)
                return 0;
 
-       for (n = 0, i = 0; i < len; i++)
-               n += ct_encode_char(b + n, w - n, buf[i]);
-       n += ct_encode_char(b + n, w - n, end[1]);
+       for (n = 0, i = 0; i < len; i++) {
+               n += ct_encode_char(b + n, (size_t)(w - n), buf[i]);
+       n += ct_encode_char(b + n, (size_t)(w - n), end[1]);
        b[n] = '\0';
 
        /*
diff -r 3787e7037adb -r 2692af305100 lib/libedit/map.c
--- a/lib/libedit/map.c Tue Jul 23 09:50:27 2019 +0000
+++ b/lib/libedit/map.c Tue Jul 23 10:18:52 2019 +0000
@@ -1,4 +1,4 @@



Home | Main Index | Thread Index | Old Index