readline70-002 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
  1. READLINE PATCH REPORT
  2. =====================
  3. Readline-Release: 7.0
  4. Patch-ID: readline70-002
  5. Bug-Reported-by: Hong Cho <hong.cho@citrix.com>
  6. Bug-Reference-ID: <c30b5fe62b2543af8297e47ca487c29c@SJCPEX02CL02.citrite.net>
  7. Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2016-12/msg00002.html
  8. Bug-Description:
  9. There is a race condition in add_history() that can be triggered by a fatal
  10. signal arriving between the time the history length is updated and the time
  11. the history list update is completed. A later attempt to reference an
  12. invalid history entry can cause a crash.
  13. Patch (apply with `patch -p0'):
  14. *** ../readline-7.0-patched/history.c 2016-11-11 13:42:49.000000000 -0500
  15. --- history.c 2016-12-05 10:37:51.000000000 -0500
  16. ***************
  17. *** 280,283 ****
  18. --- 280,284 ----
  19. {
  20. HIST_ENTRY *temp;
  21. + int new_length;
  22. if (history_stifled && (history_length == history_max_entries))
  23. ***************
  24. *** 296,306 ****
  25. /* Copy the rest of the entries, moving down one slot. Copy includes
  26. trailing NULL. */
  27. - #if 0
  28. - for (i = 0; i < history_length; i++)
  29. - the_history[i] = the_history[i + 1];
  30. - #else
  31. memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *));
  32. - #endif
  33. history_base++;
  34. }
  35. --- 297,303 ----
  36. /* Copy the rest of the entries, moving down one slot. Copy includes
  37. trailing NULL. */
  38. memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *));
  39. + new_length = history_length;
  40. history_base++;
  41. }
  42. ***************
  43. *** 316,320 ****
  44. history_size = DEFAULT_HISTORY_INITIAL_SIZE;
  45. the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *));
  46. ! history_length = 1;
  47. }
  48. else
  49. --- 313,317 ----
  50. history_size = DEFAULT_HISTORY_INITIAL_SIZE;
  51. the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *));
  52. ! new_length = 1;
  53. }
  54. else
  55. ***************
  56. *** 326,330 ****
  57. xrealloc (the_history, history_size * sizeof (HIST_ENTRY *));
  58. }
  59. ! history_length++;
  60. }
  61. }
  62. --- 323,327 ----
  63. xrealloc (the_history, history_size * sizeof (HIST_ENTRY *));
  64. }
  65. ! new_length = history_length + 1;
  66. }
  67. }
  68. ***************
  69. *** 332,337 ****
  70. temp = alloc_history_entry ((char *)string, hist_inittime ());
  71. ! the_history[history_length] = (HIST_ENTRY *)NULL;
  72. ! the_history[history_length - 1] = temp;
  73. }
  74. --- 329,335 ----
  75. temp = alloc_history_entry ((char *)string, hist_inittime ());
  76. ! the_history[new_length] = (HIST_ENTRY *)NULL;
  77. ! the_history[new_length - 1] = temp;
  78. ! history_length = new_length;
  79. }
  80. *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500
  81. --- patchlevel 2014-03-21 08:28:40.000000000 -0400
  82. ***************
  83. *** 1,3 ****
  84. # Do not edit -- exists only for use by patch
  85. ! 1
  86. --- 1,3 ----
  87. # Do not edit -- exists only for use by patch
  88. ! 2