On Wed, Jul 08, 2009 at 04:19:59PM +0200, Pierre Habouzit wrote:
> This doesn't happen with other terminal widths though. It doesn't crash with
> valgrind and reports instead something that sounds like the problem (the
> invalid write, especially since the block size - 136 - is the width of the
> term + 1):

Numa found it pretty quickly for me.  Well, at least it is *a* problem
that looks like yours, if not *the* problem.

As you can probably guess, it's an off-by-one problem. buffer_size is
screen width+1, for me it's 81:

            if ((size = read (fd, buffer, buffer_size)) < 0)

If we have small command lines, then size is always less than buffer
size. For long ones we have size=buffer_size. So for me the buffer is
malloced up at 81 bytes.
Then:

              buffer[size++] = 0;

Oh dear, buffer[size] is buffer[81] but we start at 0, so it's the 82nd
byte. For short command lines, we're in our malloced space, but not for
something long.

I have put the following lines in before this last lot:
            if (size >= buffer_size)
              size--;

It's in the upstream CVS and I'll get it through to the Debian package
soon. If you want to test it you'll find it in the CVS:

http://psmisc.cvs.sourceforge.net/viewvc/psmisc/psmisc/src/

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 



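The following program is an added illustration of the off-by-one described in the message above; it is not psmisc code and not part of the original thread. It feeds a constructed command line through a pipe (standing in for the file psmisc reads), performs the same single read() of buffer_size bytes, and records where the original `buffer[size++] = 0` would place the terminator versus where the proposed `if (size >= buffer_size) size--;` puts it. The function and variable names (sample_fd, run_trial, nul_index_unfixed, nul_index_fixed, struct trial) are this example's own. The buffer used here is deliberately oversized so the out-of-bounds index can be reported without performing the bad write.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Constructed sample: a command line longer than an 80-column terminal (84 bytes). */
static const char LONG_CMDLINE[] =
    "/usr/bin/some-program --with-a-very-long-option=value"
    " --and-another-one=value --more";

/* Load the sample into a pipe and return its read end, or -1 on failure.
   The pipe stands in for the per-process cmdline file psmisc reads. */
static int sample_fd(void)
{
    int fds[2];
    size_t len = sizeof LONG_CMDLINE - 1;
    if (pipe(fds) < 0)
        return -1;
    if (write(fds[1], LONG_CMDLINE, len) != (ssize_t)len) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);
    return fds[0];
}

/* Index the unfixed code writes the NUL to: buffer[size++] = 0 with size
   taken straight from read(). Valid indices are 0 .. buffer_size-1, so a
   full read (size == buffer_size) lands one byte past the allocation. */
static size_t nul_index_unfixed(ssize_t size)
{
    return (size_t)size;
}

/* Same index after the proposed fix: when read() filled the buffer, drop
   the last byte so the terminator stays inside the allocation. */
static size_t nul_index_fixed(ssize_t size, size_t buffer_size)
{
    if ((size_t)size >= buffer_size)
        size--;
    return (size_t)size;
}

/* Result of one experiment at a given terminal width. */
struct trial {
    size_t buffer_size;    /* terminal width + 1, as in the message */
    ssize_t bytes_read;    /* what read() returned */
    size_t unfixed_index;  /* where the original code writes the NUL */
    size_t fixed_index;    /* where the fixed code writes it */
};

/* Read the sample the way the message describes (one read() of buffer_size
   bytes) and record where each variant would place the terminator.
   Only the fixed write is actually performed. Returns 0 on success, -1 on error. */
static int run_trial(size_t term_width, struct trial *t)
{
    char buffer[256];                 /* oversized: the bad index is reported, never written */
    size_t buffer_size = term_width + 1;
    int fd;
    ssize_t size;

    if (buffer_size > sizeof buffer)
        return -1;
    if ((fd = sample_fd()) < 0)
        return -1;
    size = read(fd, buffer, buffer_size);
    close(fd);
    if (size < 0)
        return -1;

    t->buffer_size = buffer_size;
    t->bytes_read = size;
    t->unfixed_index = nul_index_unfixed(size);
    t->fixed_index = nul_index_fixed(size, buffer_size);
    buffer[t->fixed_index] = 0;       /* the fixed write; always <= buffer_size - 1 */
    return 0;
}

/* True when an index lies inside a buffer_size-byte allocation. */
static int in_bounds(size_t index, size_t buffer_size)
{
    return index < buffer_size;
}

int main(void)
{
    size_t widths[] = { 80, 135, 200 };
    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        struct trial t;
        if (run_trial(widths[i], &t) < 0)
            return 1;
        printf("width %3zu: read %2zd bytes into %3zu-byte buffer; unfixed NUL at %3zu (%s), fixed at %3zu (%s)\n",
               widths[i], t.bytes_read, t.buffer_size,
               t.unfixed_index, in_bounds(t.unfixed_index, t.buffer_size) ? "ok" : "OVERFLOW",
               t.fixed_index, in_bounds(t.fixed_index, t.buffer_size) ? "ok" : "OVERFLOW");
    }
    return 0;
}
```

At width 80 the 84-byte sample fills the 81-byte buffer, read() returns 81, and the unfixed code writes index 81 (the 82nd byte, outside the allocation) while the fixed code writes index 80. At widths where the command line fits (135 and 200 here) both variants place the NUL in bounds, which matches the observation that the crash depends on terminal width.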