Re: history-search-* and undo lists

Mon, 18 Nov 2024 19:22:58 -0800 

On Tue, Nov 5, 2024 at 11:20 AM Chet Ramey <chet.ra...@case.edu> wrote:
>
> On 10/18/24 4:22 PM, Grisha Levit wrote:
> > There's some issue with undo list handling in history-search-* commands:
> >
> > Doing a successful search with a line that has an undo list causes the
> > undo entries from that list to leaked:
>
> Thanks for the report. Please try this with the latest devel branch push.

Yup, can confirm much fewer fuzzing hits now.

But here's a remaining one in combination with history-expand-line:

HISTFILE= INPUTRC=/ bash --norc -in <<< \
$'X\n\e[A!X\e^\e[A'
=================================================================
ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #2 alloc_undo_entry             lib/readline/undo.c:75:23
    #3 rl_add_undo                  lib/readline/undo.c:92:10
    #4 maybe_make_readline_line     bashline.c:2804:7
    #5 set_up_new_line              bashline.c:2832:3
    #6 history_expand_line          bashline.c:2896:7
    #7 _rl_dispatch_subseq          lib/readline/readline.c:941:8


HISTFILE= INPUTRC=/ bash --norc -in <<< \
$'X\n\cPX\e[A!X\et\e^\exhistory-search-forward\n\e1\cO'
=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0xe87234c21f48
READ of size 4 at 0xe87234c21f48 thread T0
    #0  rl_do_undo                  undo.c:188:25
    #1  rl_revert_line              undo.c:339:2
    #2  readline_common_teardown    readline.c:493:7
    #3  readline_internal_teardown  readline.c:518:3
    #4  readline_internal           readline.c:750:11
    #5  readline                    readline.c:387:11

0xe87234c21f48 is located 24 bytes inside of 32-byte region
[0xe87234c21f30,0xe87234c21f50)
freed by thread T0 here:
    #2  _rl_free_undo_list          undo.c:111:7
    #3  rl_free_undo_list           undo.c:122:3
    #4  readline_common_teardown    readline.c:507:5
    #5  readline_internal_teardown  readline.c:518:3
    #6  readline_internal           readline.c:750:11
    #7  readline                    readline.c:387:11

previously allocated by thread T0 here:
    #2  alloc_undo_entry            undo.c:75:23
    #3  rl_add_undo                 undo.c:92:10
    #4  rl_insert_text              text.c:114:2
    #5  _rl_insert_char             text.c:935:7
    #6  rl_insert                   text.c:989:42
    #7  _rl_dispatch_subseq         readline.c:941:8
    #8  _rl_dispatch                readline.c:876:10
    #9  readline_internal_char      readline.c:690:11
    #10 readline_internal_charloop  readline.c:737:11
    #11 readline_internal           readline.c:749:18
    #12 readline                    readline.c:387:11

Reply via email to