
[Bug-readline] Crash in readline 7.0 and 6.3 when using horizontal-scrol


From: Mateusz Lenik
Subject: [Bug-readline] Crash in readline 7.0 and 6.3 when using horizontal-scroll-mode
Date: Sat, 12 Nov 2016 19:39:22 +0100

Hello,

originally I encountered this bug in GDB with the GEF plugin.
The plugin tried to set a custom prompt. Additionally it changed
some GDB settings, which translates to the following readline call:

rl_set_screen_size(INT_MAX, INT_MAX);

Setting _rl_screenwidth to INT_MAX causes signed integer overflow in
display.c:1306.

1306          t = lmargin + M_OFFSET (lmargin, wrap_offset) +_rl_screenwidth;
1307          if (t < out)
1308            line[t - 1] = '>';

This makes the test always pass and a byte gets written to an invalid
address.
Turning horizontal-scroll-mode off works around this problem (the code
in question is never executed).

Steps to reproduce:
1. echo "set horizontal-scroll-mode on" >> ~/.inputrc
2. gcc rltest.c -o rltest -l readline
3. ./rltest

You can find rltest.c attached to this message.

-- 
mlen

Attachment: rltest.c
Description: Text Data

Attachment: pgpQbtXAUfPo_.pgp
Description: OpenPGP digital signature
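
Added illustration, not part of the original message, not readline's code and not the upstream fix: the margin computation from display.c:1306 with an overflow-checked sum and a lower bound on t. The names wrapped_sum, add_checked and mark_right_margin are hypothetical, `offset` stands for the value of `M_OFFSET (lmargin, wrap_offset)`, and the sample values are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* What the unchecked int sum typically becomes on two's-complement targets.
   Computed in unsigned arithmetic so this demo has no undefined behaviour. */
static int wrapped_sum(int lmargin, int offset, int screenwidth)
{
    return (int)((unsigned)lmargin + (unsigned)offset + (unsigned)screenwidth);
}

/* Overflow-checked int addition; returns 0 when a + b does not fit in an int. */
static int add_checked(int a, int b, int *r)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *r = a + b;
    return 1;
}

/* Write the '>' marker only if t is computable and 1 <= t < out.
   Returns 1 if the marker was written, 0 if it was skipped. */
static int mark_right_margin(char *line, int out, int lmargin, int offset,
                             int screenwidth)
{
    int t;
    if (!add_checked(lmargin, offset, &t) || !add_checked(t, screenwidth, &t))
        return 0;               /* margin lies beyond any real buffer */
    if (t < 1 || t >= out)
        return 0;               /* original upper bound, plus a lower bound */
    line[t - 1] = '>';
    return 1;
}

int main(void)
{
    char line[32];              /* constructed sample buffer */
    memset(line, '.', sizeof line);
    printf("wrapped t = %d\n", wrapped_sum(0, 11, INT_MAX));
    printf("INT_MAX width: written = %d\n",
           mark_right_margin(line, 32, 0, 11, INT_MAX));
    printf("width 10:      written = %d\n",
           mark_right_margin(line, 32, 0, 11, 10));
    return 0;
}
```

With a width of INT_MAX the wrapped sum is negative, so the original `t < out` comparison alone would accept it. The checked version skips the write instead.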

