[Bug-readline] heap-buffer-overflow in update_line

Chet Ramey chet.ramey@case.edu
Fri May 17 15:34:00 GMT 2019 

On 5/17/19 10:59 AM, Tom de Vries wrote:

> 
> I've tried this:
> ...
> diff --git a/gdb/utils.c b/gdb/utils.c
> index 9686927473..2bfa22055e 100644
> --- a/gdb/utils.c
> +++ b/gdb/utils.c
> @@ -1371,7 +1371,7 @@ set_screen_size (void)
> 
>    if (cols <= 0 || cols > sqrt_int_max)
>      {
> -      cols = sqrt_int_max;
> +      cols = -1;
>        chars_per_line = UINT_MAX;
>      }

It's not apparent from this patch whether or not gdb uses `cols' for
anything besides passing to readline.

> ...
> but ran into this test failure in gdb.ada/pp-rec-component.exp:
> ...
> (gdb) source
> /data/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.ada/pp^M<sions/devel/build/gdb/testsuite/outputs/gdb.ada/pp-
> 
> ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hrec-component/pp-rec-com
> ^M<tsuite/outputs/gdb.ada/pp-rec-component/pp-rec-comp
>       ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Honent.py^M
> (gdb) FAIL: gdb.ada/pp-rec-component.exp: source pp-rec-component.py
> ...
> which is readline doing it's horizontal scrolling mode, which AFAIU is
> triggered by this condition in rl_redisplay failing:
> ...
>   if (_rl_horizontal_scroll_mode == 0 && _rl_term_up && *_rl_term_up)
> ...
> not because _rl_horizontal_scroll_mode is 1, but because _rl_term_up is
> NULL (because of TERM=dumb).

Correct. If the terminal type is unknown or tgetent returns a set of
capabilities that doesn't include "up", you're going to get horizontal
scrolling.

> 
> Note btw that ^H is used here by readline despite the fact that
> TERM=dumb does not support backspace. I'm not sure if this is a bug, or
> intentional behaviour.

Readline uses what tgetent returns for "le" or defaults to "\b" if tgetent
fails. Most dumb terminals support ^H to move the cursor left one position.

> 
> Either way, I'm open for suggestions that make gdb call
> rl_set_screen_size with legal parameters, and disable features like
> horizontal scrolling to get unformatted output for the testsuite run.

You can't specify a dumb terminal and expect to have line wrapping.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

More information about the Gdb-patches mailing list