history expansion with unterminated single-quoted string

bug-readline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

history expansion with unterminated single-quoted string

From:	Grisha Levit
Subject:	history expansion with unterminated single-quoted string
Date:	Mon, 6 Mar 2023 20:30:57 -0500

./bash --norc -in <<<"'^"
bash-5.2$ '^
=================================================================
==94881==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x000105b02580 at pc 0x0001027422e4 bp 0x00016dcadd10 sp
0x00016dcadd08
READ of size 1 at 0x000105b02580 thread T0
    #0 0x1027422e0 in history_expand histexpand.c:1004
    #1 0x102464778 in pre_process_line bashhist.c:570

diff --git a/lib/readline/histexpand.c b/lib/readline/histexpand.c
index 38a49531..ab6f0830 100644
--- a/lib/readline/histexpand.c
+++ b/lib/readline/histexpand.c
@@ -1054,6 +1054,8 @@ history_expand (const char *hstring, char **output)
              flag = (i > 0 && string[i - 1] == '$');
              i++;
              hist_string_extract_single_quoted (string, &i, flag);
+              if (i >= l)
+                break;
            }
          else if (history_quotes_inhibit_expansion && string[i] == '\\')
            {

[Prev in Thread]

Current Thread

[Next in Thread]

history expansion with unterminated single-quoted string, Grisha Levit <=
- Re: history expansion with unterminated single-quoted string, Chet Ramey, 2023/03/10

Prev by Date: rl_message prompt save/restore confusion with prompt=""
Next by Date: asan report in rl_unix_filename_rubout
Previous by thread: rl_message prompt save/restore confusion with prompt=""
Next by thread: Re: history expansion with unterminated single-quoted string
Index(es):
- Date
- Thread