segfault in readline-5.1 in rl_callback_read_char()

[Mike Frysinger]

another dev noticed this when using readline in python:
$ python
Python 2.4.2 (#1, Sep 29 2005, 06:07:43) 
[GCC 3.4.4 (Gentoo 3.4.4-r1, HTB-3.4.4-1.00, ssp-3.4.4-1.0, pie-8.7.8)] on 
linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> <DEL><DEL>Segmentation fault

that is, all we have to do is run `python` and hit the delete key
twice and python falls on its face

running it through gdb shows this:
(gdb) bt
#0  _rl_dispatch_callback (cxt=0x0) at readline.c:625
#1  0x000034b22419a968 in rl_callback_read_char () at callback.c:154
#2  0x000034b224046395 in ?? () from /usr/lib/python2.4/lib-dynload/readline.so

and indeed, we see in callback.c:
else if (RL_ISSTATE (RL_STATE_MULTIKEY))
  {
    eof = _rl_dispatch_callback (_rl_kscxt);  /* For now */
    while ((eof == -1 || eof == -2) && RL_ISSTATE (RL_STATE_MULTIKEY) \
           && _rl_kscxt && (_rl_kscxt->flags & KSEQ_DISPATCHED))
      eof = _rl_dispatch_callback (_rl_kscxt);

there is a check in the while() loop to see if _rl_kscxt is non-NULL,
but there is no check in the if statement() before using _rl_kscxt for
the first time

is the fix simply doing this:
-else if (RL_ISSTATE (RL_STATE_MULTIKEY))
+else if (RL_ISSTATE (RL_STATE_MULTIKEY) && _rl_kscxt)

i'm not familiar with the readline source so i cant really say ... but
maybe the if statements before that could use similar changes ?
-if (RL_ISSTATE (RL_STATE_ISEARCH))
+if (RL_ISSTATE (RL_STATE_ISEARCH) && _rl_iscxt)
...
-else if (RL_ISSTATE (RL_STATE_NSEARCH))
+else if (RL_ISSTATE (RL_STATE_NSEARCH) && _rl_nscxt)
...
-else if (RL_ISSTATE (RL_STATE_NUMERICARG))
+else if (RL_ISSTATE (RL_STATE_NUMERICARG) && _rl_argcxt)
-mike