View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000536 | tcsh | General | public | 2024-06-23 18:33 | 2024-06-23 18:33 |
Reporter | rtm | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | amd64 | OS | FreeBSD | OS Version | 14.1 |
Product Version | 6.22.03 | ||||
Summary | 0000536: starting_a_command() can read off the start of inputline for ( ^D | ||||
Description | If I type (^D (i.e. open parenthesis then control-d) to tcsh, then this line in starting_a_command() in tw.parse.c decrements ptr to before the start of inputline before dereferencing:

    for (ptr = wordstart, bsl = 0; *(--ptr) == '\\'; bsl++);

tcsh 6.22.04 (Astron) 2021-04-26 (x86_64-amd-FreeBSD) options wide,nls,dl,al,kan,sm,rh,color,filec

valgrind says:

    Invalid read of size 4
       at 0x15814B: starting_a_command (tcsh/tw.parse.c:825)
       by 0x157414: tenematch (tcsh/tw.parse.c:228)
       by 0x16E0B3: Inputl (tcsh/ed.inputl.c:493)
       by 0x1423A6: bgetc (tcsh/sh.lex.c:1679)
       by 0x140B8E: readc (tcsh/sh.lex.c:1440)
       by 0x140442: lex (tcsh/sh.lex.c:160)
       by 0x1238D0: process (tcsh/sh.c:2071)
       by 0x122AA0: main (tcsh/sh.c:1430)
     Address 0x5799d6c is 4 bytes before a block of size 256 alloc'd
       at 0x484CDE4: malloc (vg_replace_malloc.c:446)
       by 0x179017: srealloc (tcsh/tc.alloc.c:551)
       by 0x1848FC: Strbuf_store1 (tcsh/tc.str.c:710)
       by 0x183D1A: Strbuf_append1 (tcsh/tc.str.c:710)
       by 0x1572BE: tenematch (tcsh/tw.parse.c:212)
       by 0x16E0B3: Inputl (tcsh/ed.inputl.c:493)
       by 0x1423A6: bgetc (tcsh/sh.lex.c:1679)
       by 0x140B8E: readc (tcsh/sh.lex.c:1440)
       by 0x140442: lex (tcsh/sh.lex.c:160)
       by 0x1238D0: process (tcsh/sh.c:2071)
       by 0x122AA0: main (tcsh/sh.c:1430)
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-06-23 18:33 | rtm | New Issue |
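
The loop shape quoted in the description, next to a variant that stops at the first element of the line buffer. This is an added example, not code from tcsh or from the reporter, and not the project's fix. The names `bsl_unbounded`, `bsl_bounded`, `storage` and `line` are hypothetical, and the sample data is constructed so that the unbounded walk stays inside one array and can be run safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Same shape as the loop in the report: no lower bound, so the count
 * depends on whatever sits in memory before the word. */
static size_t bsl_unbounded(const wchar_t *wordstart)
{
    const wchar_t *ptr;
    size_t bsl;

    for (ptr = wordstart, bsl = 0; *(--ptr) == L'\\'; bsl++)
        ;
    return bsl;
}

/* Bounded variant: compare against the buffer start before reading ptr[-1]. */
static size_t bsl_bounded(const wchar_t *buf, const wchar_t *wordstart)
{
    const wchar_t *ptr = wordstart;
    size_t bsl = 0;

    while (ptr > buf && ptr[-1] == L'\\') {
        ptr--;
        bsl++;
    }
    return bsl;
}

/* Constructed sample. The logical line starts at storage + 3; the two
 * backslashes before it stand in for unrelated heap contents, and the
 * '#' guard keeps the unbounded walk inside this array. */
static const wchar_t storage[] =
    { L'#', L'\\', L'\\', L'(', L'a', L'\\', L'b', 0 };
static const wchar_t *const line = storage + 3;   /* "(a\b" */

int main(void)
{
    /* Word at the very start of the line, as in the "(" case. */
    printf("unbounded at start: %zu\n", bsl_unbounded(line));
    printf("bounded at start:   %zu\n", bsl_bounded(line, line));
    /* Word preceded by a real backslash inside the line. */
    printf("bounded at 'b':     %zu\n", bsl_bounded(line, line + 3));
    return 0;
}
```

With the word at the start of the line, the unbounded loop counts backslashes that are not part of the line at all, which is the read valgrind flags; the bounded variant returns 0 there and agrees with the original loop everywhere else.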