Re: heap-buffer-overflow in history_expand

2023-05-29 Thread Chet Ramey
On 5/25/23 6:10 PM, Grisha Levit wrote: I noticed a couple of other bits missing from the patch as applied though. (The first because pending_bytes_length is not defined without HANDLE_MULTIBYTE, the second to have quoted insert work without a negative argument). Thanks for the update. Chet

Re: heap-buffer-overflow in history_expand

2023-05-25 Thread Grisha Levit
On Mon, May 1, 2023 at 11:48 AM Chet Ramey wrote: > Yes, I concluded the same thing. Thanks for the patch. I have one question > about the change to rl_insert: why overwrite any return value from the > initial call to _rl_insert_char by setting r back to 0? What if the initial > value of C starts

Re: heap-buffer-overflow in history_expand

2023-05-01 Thread Chet Ramey
On 4/30/23 5:03 AM, Grisha Levit wrote: On Sat, Apr 29, 2023, 14:02 Chet Ramey > wrote: On 4/28/23 9:28 PM, Grisha Levit wrote: > Piping input that simply ends in an leading byte doesn't trigger the issue > -- that byte byte don't seem to make it int

Re: heap-buffer-overflow in history_expand

2023-04-30 Thread Grisha Levit
On Sat, Apr 29, 2023, 14:02 Chet Ramey wrote: > On 4/28/23 9:28 PM, Grisha Levit wrote: > > Piping input that simply ends in an leading byte doesn't trigger the > issue > > -- that byte byte don't seem to make it into the input line. > > > > This is a bit off topic, but I don't really understand

Re: heap-buffer-overflow in history_expand

2023-04-29 Thread Chet Ramey
On 4/28/23 9:28 PM, Grisha Levit wrote: On Fri, Apr 28, 2023, 11:35 Chet Ramey > wrote: On 4/24/23 1:40 AM, Grisha Levit wrote: > The history expansion code can end up reading past the end of the > input line buffer if the line ends with an invalid mu

Re: heap-buffer-overflow in history_expand

2023-04-28 Thread Grisha Levit
On Fri, Apr 28, 2023, 11:35 Chet Ramey wrote: > On 4/24/23 1:40 AM, Grisha Levit wrote: > > The history expansion code can end up reading past the end of the > > input line buffer if the line ends with an invalid multibyte sequence: > > Thanks for the report. You mean an incomplete multibyte char

Re: heap-buffer-overflow in history_expand

2023-04-28 Thread Chet Ramey
On 4/24/23 1:40 AM, Grisha Levit wrote: The history expansion code can end up reading past the end of the input line buffer if the line ends with an invalid multibyte sequence: Thanks for the report. You mean an incomplete multibyte character, I think. Chet -- ``The lyf so short, the craft so