Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [BUG] sigsegv



On Wed, 2023-05-03 at 17:25 +0100, Peter Stephenson wrote:
> > On 03/05/2023 16:35 Sebastian Gniazdowski <sgniazdowski@xxxxxxxxx> wrote:
> > The error occurs with patch. I've played around in gdb:
> > 
> > (gdb) p (int)(e-hstr)
> > $65 = -31903
> > 
> > This should be positive – e points to a \0 inserted in hstr. That's
> > why printing e shows unexpected values. How come wend became negative?
> 
> Very good question --- I'll add the test for that as a first step but
> there shouldn't be too many places in the code where that can come from.

Here's the first step.

> I wonder if it's interpreting a bad status return as a length.

To be investigated, but this might make sense --- this would probably be a
negative integer.

pws


diff --git a/Src/Modules/parameter.c b/Src/Modules/parameter.c
index 96a211c69..a05ea2fe4 100644
--- a/Src/Modules/parameter.c
+++ b/Src/Modules/parameter.c
@@ -1233,9 +1233,16 @@ histwgetfn(UNUSED(Param pm))
             pushnode(l, getdata(n));
 
     while (he) {
+	char *hstr = he->node.nam;
+	int len = strlen(hstr);
 	for (iw = he->nwords - 1; iw >= 0; iw--) {
-	    h = he->node.nam + he->words[iw * 2];
-	    e = he->node.nam + he->words[iw * 2 + 1];
+	    int wbegin = he->words[iw * 2];
+	    int wend = he->words[iw * 2 + 1];
+
+	    if (wbegin < 0 || wbegin >= len || wend < 0 || wend > len)
+		break;
+	    h = hstr + wbegin;
+	    e = hstr + wend;
 	    sav = *e;
 	    *e = '\0';
 	    addlinknode(l, dupstring(h));
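Review bot: The new range check in the for loop does not reject wbegin > wend, so a corrupt pair whose two offsets are each within [0, len] still passes; e then lies before h, the '\0' written at *e no longer terminates the word, and dupstring(h) copies up to the next NUL after h instead. Adding `|| wbegin > wend` to the condition would cover that case. Two smaller points: `int len = strlen(hstr);` narrows size_t to int, and the `break` silently drops the remaining words of the entry, so a debug message at that point would help locate where the negative wend reported in the thread comes from.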




