asan report in postproc_subst

bug-readline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

asan report in postproc_subst_rhs

From:	Grisha Levit
Subject:	asan report in postproc_subst_rhs
Date:	Sun, 19 Mar 2023 20:38:32 -0400

bash --norc -in <<<'^xx^&&x'

AddressSanitizer: heap-buffer-overflow
    #0 postproc_subst_rhs histexpand.c:517

Probably need something like:

diff --git a/lib/readline/histexpand.c b/lib/readline/histexpand.c
index 25d962c2..08a4aa8f 100644
--- a/lib/readline/histexpand.c
+++ b/lib/readline/histexpand.c
@@ -509,9 +509,9 @@ postproc_subst_rhs (void)
          /* a single backslash protects the `&' from lhs interpolation */
          if (subst_rhs[i] == '\\' && subst_rhs[i + 1] == '&')
            i++;
-         if (j >= new_size)
+         if (++j >= new_size)
            new = (char *)xrealloc (new, new_size *= 2);
-         new[j++] = subst_rhs[i];
+         new[j] = subst_rhs[i];
        }
     }
   new[j] = '\0';

[Prev in Thread]

Current Thread

[Next in Thread]

asan report in postproc_subst_rhs, Grisha Levit <=
- Re: asan report in postproc_subst_rhs, Chet Ramey, 2023/03/20

Prev by Date: Re: asan report in _rl_free_undo_list
Next by Date: Re: asan report in postproc_subst_rhs
Previous by thread: asan report in _rl_free_undo_list
Next by thread: Re: asan report in postproc_subst_rhs
Index(es):
- Date
- Thread