Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: PATCH: Crash bug on garbage input (previously reported to Debian)

X-seq: zsh-workers 34562
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
Subject: Re: PATCH: Crash bug on garbage input (previously reported to Debian)
Date: Tue, 17 Feb 2015 10:02:14 +0100
Cc: zsh workers <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Rqe+4Zd7FrqtKZfGligjNq7dUM+Vq8mo96lHTKi5Co4=; b=fFI9L3qUossnpqMGmGXx9GK6+r/rb7l2Rc/mTq0jqfrWHXJ8IP7aZZdojdnigZo7BR qW7ZfKnJqgQ1YuwGV3oq/ttfLDvgmzFZqIXj7wPKjhsZUzUXy6oAf2O1Pu7PhCz/SSse 9ZvD7OqkSu79phB5zmAdhgsNGc9KpzYGasw9Xz+a2M/vtr2mnjvsFZU8ck1D/Da6Q2Xm oOFmybNAiwvB9bSNxpFnKaWu57vbjKH+Z3s8DXG3ekfiO1vAadEFEeTAbW0lRO5aW+1G KpgOJn3B0W9+/Tz8zhi9LEtk5lDqDOY52ZdyoxQdc4YE4ZSOUmVSFOSCoCpJbvX/XqXD uROw==
In-reply-to: <20150216170413.054623af@pwslap01u.europe.root.pri>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <150214102534.ZM4368@torch.brasslantern.com> <20150214214209.6d2f5e7e@ntlworld.com> <150215112622.ZM11584@torch.brasslantern.com> <20150216125749.7a26822c@pwslap01u.europe.root.pri> <20150216170413.054623af@pwslap01u.europe.root.pri>

On Mon, Feb 16, 2015 at 6:04 PM, Peter Stephenson
<p.stephenson@xxxxxxxxxxx> wrote:
> Here's a simple fix for appending to the input buffer instead of
> replacing it for this case.
>
> diff --git a/Src/input.c b/Src/input.c
> index 9520fdd..f919e57 100644
> --- a/Src/input.c
> +++ b/Src/input.c
> @@ -330,8 +330,37 @@ inputline(void)
>         }
>      }
>      isfirstch = 1;
> -    /* Put this into the input channel. */
> -    inputsetline(ingetcline, INP_FREE);
> +    if ((inbufflags & INP_APPEND) && inbuf) {
> +       /*
> +        * We need new input but need to be able to back up
> +        * over the old input, so append this line.
> +        * Pushing the line onto the stack doesn't have the right
> +        * effect.
> +        *
> +        * This is quite a simple and inefficient fix, but currently
> +        * we only need it when backing up over a multi-line $((...
> +        * that turned out to be a command substitution rather than
> +        * a math substitution, which is a very special case.
> +        * So it's not worth rewriting.
> +        */
> +       char *oinbuf = inbuf;
> +       int newlen = strlen(ingetcline);
> +       int oldlen = (int)(inbufptr - inbuf) + inbufleft;
> +       if (inbufflags & INP_FREE) {
> +           inbuf = realloc(inbuf, oldlen + newlen + 1);
> +           inbufptr += inbuf - oinbuf;
> +           strcpy(inbuf + oldlen, ingetcline);

Coverity complains that ingetcline is not freed in the above path.
+free(ingetcline); here?

> +       } else {
> +           /* Paranoia: don't think this is used */
> +           DPUTS(1, "Appending to unallocated input line.");
> +       }
> +       inbufleft += newlen;
> +       inbufct += newlen;
> +       inbufflags |= INP_FREE;
> +    } else {
> +       /* Put this into the input channel. */
> +       inputsetline(ingetcline, INP_FREE);
> +    }
>
>      return 0;
>  }


-- 
Mikael Magnusson

Follow-Ups:
- Re: PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Peter Stephenson

References:
- PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Bart Schaefer
- Re: PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Peter Stephenson
- Re: PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Bart Schaefer
- Re: PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Peter Stephenson
- Re: PATCH: Crash bug on garbage input (previously reported to Debian)
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author