bug-readline

rl_message prompt save/restore confusion with prompt=""


From: Grisha Levit
Subject: rl_message prompt save/restore confusion with prompt=""
Date: Mon, 6 Mar 2023 18:55:06 -0500

The documentation suggests that one should call rl_save_prompt /
rl_restore_prompt before calling rl_message / rl_clear_message:

    -- Function: int rl_message (const char *, ...)
        [...] You should call 'rl_save_prompt' to save the prompt information
        before calling this function.
    -- Function: int rl_clear_message (void)
        [...] If the prompt was saved with a call to 'rl_save_prompt' before
        the last call to 'rl_message', call 'rl_restore_prompt' before
        calling this function.

However, the *_message functions contain bits that attempt to
save/restore the prompt anyway, using a null saved_local_prompt to
signal that the prompt has not been saved yet:

    /* in rl_message */
    if (saved_local_prompt == 0)
      {
        rl_save_prompt ();
        msg_saved_prompt = 1;
      }

    /* in rl_clear_message */
    if (msg_saved_prompt)
      {
        rl_restore_prompt ();
        msg_saved_prompt = 0;
      }

There is a problem though -- if readline was called with prompt="",
rl_expand_prompt will leave local_prompt set to 0 and so even if
rl_save_prompt has been called, saved_local_prompt will still == 0.

In this case, the prompt ends up being "saved" twice and then
"restored" twice while executing something like rl_digit_argument, and
the arrays local_prompt_newlines and local_prompt_invis_chars end up
as null pointers afterwards.

AFAICT this hasn't been a problem for the last 18 years [1], but with
the addition of local_prompt_invis_chars [2] it now leads to a crash:

    $ PS1= ./bash --norc -in <<<$'\e1'
    (arg: 1) lib/readline/display.c:2124:25: runtime error: applying zero offset to null pointer
    Segmentation fault: 11

An easy way to fix this might be to remove the msg_saved_prompt logic
since it seems to just protect against improper usage.
Alternatively, rl_expand_prompt can be changed to not return early
with an empty prompt, thereby making local_prompt a non-null pointer
so rl_message can properly pick up on its having been saved.

[1]: https://git.savannah.gnu.org/cgit/bash.git/commit/?id=6e70dbff
[2]: https://git.savannah.gnu.org/cgit/bash.git/commit/?id=31f4d468
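The double save / double restore sequence described in this report, as an added example that is not part of the original post and not readline's own code: a minimal C model that keeps the variable and function names used above but reduces each function to the few lines needed to reproduce the failure with prompt="" and to try both fixes the report proposes. The FIX_* modes, new_array, free_local and digit_argument_flow are this example's own names, and the shape of the save/restore functions (in particular that the per-line arrays are allocated even for an empty prompt) is an assumption simplified from what readline actually does. The model only reports whether local_prompt_newlines and local_prompt_invis_chars are null at the end; the real display code would index them.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Prompt state named after the readline globals in the report (model only). */
static char *local_prompt;
static int  *local_prompt_newlines;
static int  *local_prompt_invis_chars;

/* Copies written by rl_save_prompt. rl_message tests saved_local_prompt
 * against 0 to decide whether the caller has already saved the prompt. */
static char *saved_local_prompt;
static int  *saved_local_prompt_newlines;
static int  *saved_local_prompt_invis_chars;

static int msg_saved_prompt;   /* set when rl_message saved the prompt itself */

/* Which variant to model (an assumption of this example, not a readline API):
 *   FIX_NONE          current behaviour described in the report
 *   FIX_EXPAND_EMPTY  rl_expand_prompt gives "" a non-null local_prompt
 *   FIX_NO_MSG_SAVE   rl_message / rl_clear_message never save or restore */
enum { FIX_NONE, FIX_EXPAND_EMPTY, FIX_NO_MSG_SAVE };
static int fix_mode;

static int *new_array(void) { return calloc(2, sizeof(int)); }

static void free_local(void)
{
    free(local_prompt);
    free(local_prompt_newlines);
    free(local_prompt_invis_chars);
    local_prompt = NULL;
    local_prompt_newlines = local_prompt_invis_chars = NULL;
}

static void rl_expand_prompt(const char *prompt)
{
    free_local();
    local_prompt_newlines = new_array();      /* assumed: display needs these even for "" */
    local_prompt_invis_chars = new_array();
    if (*prompt == '\0' && fix_mode != FIX_EXPAND_EMPTY)
        return;                               /* early return: local_prompt stays 0 */
    local_prompt = strdup(prompt);            /* "" still yields a non-null pointer */
}

static void rl_save_prompt(void)
{
    saved_local_prompt             = local_prompt;
    saved_local_prompt_newlines    = local_prompt_newlines;
    saved_local_prompt_invis_chars = local_prompt_invis_chars;
    local_prompt = NULL;
    local_prompt_newlines = local_prompt_invis_chars = NULL;
}

static void rl_restore_prompt(void)
{
    free_local();
    local_prompt             = saved_local_prompt;
    local_prompt_newlines    = saved_local_prompt_newlines;
    local_prompt_invis_chars = saved_local_prompt_invis_chars;
    saved_local_prompt = NULL;
    saved_local_prompt_newlines = saved_local_prompt_invis_chars = NULL;
}

static void rl_message(const char *msg)
{
    if (fix_mode != FIX_NO_MSG_SAVE && saved_local_prompt == 0) {
        /* With prompt="" this fires even after the caller's rl_save_prompt:
         * the arrays already sitting in saved_* are overwritten by nulls
         * (and leaked), which is the "saved twice" in the report. */
        rl_save_prompt();
        msg_saved_prompt = 1;
    }
    free_local();
    local_prompt = strdup(msg);               /* the message is shown as the prompt */
    local_prompt_newlines = new_array();
    local_prompt_invis_chars = new_array();
}

static void rl_clear_message(void)
{
    if (msg_saved_prompt) {
        rl_restore_prompt();                  /* "restored twice": copies the nulls back */
        msg_saved_prompt = 0;
    }
}

/* The sequence the manual prescribes and rl_digit_argument follows:
 * save, message, restore, clear. Returns 1 if both per-line arrays are
 * still valid afterwards, 0 if they are null. */
int digit_argument_flow(const char *prompt, int mode)
{
    fix_mode = mode;
    msg_saved_prompt = 0;
    rl_expand_prompt(prompt);
    rl_save_prompt();
    rl_message("(arg: 1)");
    rl_restore_prompt();
    rl_clear_message();
    int ok = local_prompt_newlines != NULL && local_prompt_invis_chars != NULL;
    free_local();
    return ok;
}

int main(void)
{
    const char *name[] = { "current code", "expand empty prompt", "no msg_saved_prompt" };
    for (int mode = FIX_NONE; mode <= FIX_NO_MSG_SAVE; mode++)
        printf("prompt=\"\"   %-20s -> %s\n", name[mode],
               digit_argument_flow("", mode) ? "arrays intact" : "arrays null");
    printf("prompt=\"$ \" %-20s -> %s\n", name[FIX_NONE],
           digit_argument_flow("$ ", FIX_NONE) ? "arrays intact" : "arrays null");
    return 0;
}
```

Only the empty prompt under the current code ends with both arrays null; a non-empty prompt under the same code, and an empty prompt under either proposed fix, keep them intact, which is why either fix is sufficient for callers that follow the documented save/message/restore/clear order.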


