[Bug-readline] Memory error in read_history

bug-readline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-readline] Memory error in read_history_range

From:	Denis Martinez
Subject:	[Bug-readline] Memory error in read_history_range
Date:	Thu, 16 Mar 2017 05:41:50 +0100

When I tried to get Readline working with ECL Common Lisp, I have
discovered a memory error which occurs in a particular situation.

Valgrind reports an invalid read when invoking read_history() on an
existing but empty history file. This is easily reproduced with a
trivial test program (readline 7.0.003, Arch GNU/Linux x86_64).

#include <stdio.h>
#include <readline/readline.h>
#include <readline/history.h>
int main(int argc, char *argv[]) {
  if (argc != 2) return 1;
  read_history(argv[1]);
  return 0;
}

The valgrind report points at two distinct points in 
histfile.c/read_history_range()
where the same memory error happens.

l.353:  if (history_comment_char == '\0' && buffer[0] == '#' && isdigit 
((unsigned char)buffer[1]))
l.359:  has_timestamps = HIST_TIMESTAMP_START (buffer);

An error occurs because buffer is assumed to be a 0-terminated string,
however it is not.

The code which previously reads into buffer does not write the 0 terminator
after the data. This problem could be solved by writing
`buffer[chars_read] = 0' in the success path following read().

Please also note: the MMAP path, which also does not terminate input,
seems equally fallible given an input whose exact content is the character #.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-readline] Memory error in read_history_range, Denis Martinez <=
- Re: [Bug-readline] Memory error in read_history_range, Chet Ramey, 2017/03/16

Prev by Date: Re: [Bug-readline] add control-arrow bindings
Next by Date: Re: [Bug-readline] Memory error in read_history_range
Previous by thread: [Bug-readline] add control-arrow bindings
Next by thread: Re: [Bug-readline] Memory error in read_history_range
Index(es):
- Date
- Thread