diff --git a/CWRU/CWRU.chlog b/CWRU/CWRU.chlog index 3e9cee66..01a46904 100644 --- a/CWRU/CWRU.chlog +++ b/CWRU/CWRU.chlog @@ -14034,3 +14034,16 @@ lib/glob/sm_loop.c lib/readline/histlib.h - strchr: only declare if __STDC__ is not defined, since we already include . Report from Chi-Hsuan Yen + + 6/9 + --- +lib/readline/display.c + - update_line: when wrapping lines with multibyte chars at the end of + the new line being wrapped, make sure we copy the NULL byte in old + when moving the contents of old around. Fuzzing bug reported by + Eduardo Bustamante + +lib/readline/mbutil.c + - _rl_get_char_len: use MB_CUR_MAX in the call to mbrlen; there's no + need to look at the rest of the string when we're just interested in + the length of a single character diff --git a/builtins/read.def b/builtins/read.def index 520a2b34..99c896fe 100644 --- a/builtins/read.def +++ b/builtins/read.def @@ -386,7 +386,7 @@ read_builtin (list) sync_buffered_stream (default_buffered_input); #endif -#if 1 +#if 0 input_is_tty = isatty (fd); #else input_is_tty = 1; diff --git a/lib/readline/display.c b/lib/readline/display.c index 35c09490..9a627b88 100644 --- a/lib/readline/display.c +++ b/lib/readline/display.c @@ -266,6 +266,8 @@ static int *local_prompt_newlines; lines and the current line is so marked. */ static int modmark; +static int line_totbytes; + /* Variables to save and restore prompt and display information. */ /* These are getting numerous enough that it's time to create a struct. */ @@ -1072,6 +1074,7 @@ rl_redisplay (void) #endif } line[out] = '\0'; + line_totbytes = out; if (cpos_buffer_position < 0) { cpos_buffer_position = out; @@ -1480,6 +1483,8 @@ update_line (char *old, char *new, int current_line, int omax, int nmax, int inv the screen and dealing with changes to what's visible by modifying OLD to match it. Complicated by the presence of multi-width characters at the end of the line or beginning of the new one. */ + /* old is always somewhere in visible_line; new is always somewhere in + invisible_line. These should always be null-terminated. */ #if defined (HANDLE_MULTIBYTE) if (mb_cur_max > 1 && rl_byte_oriented == 0) { @@ -1593,8 +1598,9 @@ update_line (char *old, char *new, int current_line, int omax, int nmax, int inv { /* We have written as many bytes from new as we need to consume the first character of old. Fix up `old' so it - reflects the new screen contents */ - memmove (old+newbytes, old+oldbytes, strlen (old+oldbytes)); + reflects the new screen contents. We use +1 in the + memmove call to copy the trailing NUL. */ + memmove (old+newbytes, old+oldbytes, strlen (old+oldbytes) + 1); memcpy (old, new, newbytes); j = newbytes - oldbytes; @@ -1627,7 +1633,6 @@ update_line (char *old, char *new, int current_line, int omax, int nmax, int inv } } - /* Find first difference. */ #if defined (HANDLE_MULTIBYTE) if (mb_cur_max > 1 && rl_byte_oriented == 0) diff --git a/lib/readline/mbutil.c b/lib/readline/mbutil.c index fac1460f..5799a1d1 100644 --- a/lib/readline/mbutil.c +++ b/lib/readline/mbutil.c @@ -220,7 +220,7 @@ _rl_get_char_len (char *src, mbstate_t *ps) { size_t tmp; - tmp = mbrlen((const char *)src, (size_t)strlen (src), ps); + tmp = mbrlen((const char *)src, MB_CUR_MAX, ps); if (tmp == (size_t)(-2)) { /* shorted to compose multibyte char */ diff --git a/tests/RUN-ONE-TEST b/tests/RUN-ONE-TEST index 554f3d6e..58c375b7 100755 --- a/tests/RUN-ONE-TEST +++ b/tests/RUN-ONE-TEST @@ -1,4 +1,4 @@ -BUILD_DIR=/usr/local/build/bash/bash-current +BUILD_DIR=/usr/local/build/chet/bash/bash-current THIS_SH=$BUILD_DIR/bash PATH=$PATH:$BUILD_DIR