[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
history expansion with unterminated single-quoted string
From: |
Grisha Levit |
Subject: |
history expansion with unterminated single-quoted string |
Date: |
Mon, 6 Mar 2023 20:30:57 -0500 |
./bash --norc -in <<<"'^"
bash-5.2$ '^
=================================================================
==94881==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x000105b02580 at pc 0x0001027422e4 bp 0x00016dcadd10 sp
0x00016dcadd08
READ of size 1 at 0x000105b02580 thread T0
#0 0x1027422e0 in history_expand histexpand.c:1004
#1 0x102464778 in pre_process_line bashhist.c:570
diff --git a/lib/readline/histexpand.c b/lib/readline/histexpand.c
index 38a49531..ab6f0830 100644
--- a/lib/readline/histexpand.c
+++ b/lib/readline/histexpand.c
@@ -1054,6 +1054,8 @@ history_expand (const char *hstring, char **output)
flag = (i > 0 && string[i - 1] == '$');
i++;
hist_string_extract_single_quoted (string, &i, flag);
+ if (i >= l)
+ break;
}
else if (history_quotes_inhibit_expansion && string[i] == '\\')
{
- history expansion with unterminated single-quoted string,
Grisha Levit <=