[Bug gdb/24514] heap-buffer-overflow in update_line for utf8-identifiers.exp

vries at gcc dot gnu.org sourceware-bugzilla@sourceware.org
Wed May 8 14:47:00 GMT 2019


https://sourceware.org/bugzilla/show_bug.cgi?id=24514

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
I've translated the heap-buffer-overflow into a pair of asserts:
...
diff --git a/readline/display.c b/readline/display.c
index 9044305797..da3176cc3c 100644
--- a/readline/display.c
+++ b/readline/display.c
@@ -59,6 +59,8 @@
 #include "rlprivate.h"
 #include "xmalloc.h"

+#include "assert.h"
+
 #if !defined (strchr) && !defined (__STDC__)
 extern char *strchr (), *strrchr ();
 #endif /* !strchr && !__STDC__ */
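Review bot: The added `#include "assert.h"` after `#include "xmalloc.h"` uses the quoted form for a standard C header; write `#include <assert.h>` so the lookup does not begin in the source directory. A short comment that the include exists only for the diagnostic asserts in `rl_redisplay` would also help, since `assert` compiles away when `NDEBUG` is defined.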
@@ -1201,6 +1203,10 @@ rl_redisplay ()
          forced_display = 0;
          o_cpos = _rl_last_c_pos;
          cpos_adjusted = 0;
+         assert (last_lmargin + (_rl_screenwidth + visible_wrap_offset)
+                 <= line_size);
+         assert (lmargin + (_rl_screenwidth + (lmargin ? 0 : wrap_offset))
+                 <= line_size);
          update_line (&visible_line[last_lmargin],
                       &invisible_line[lmargin],
                       0,
                       _rl_screenwidth + visible_wrap_offset,
                       _rl_screenwidth + (lmargin ? 0 : wrap_offset),
                       0);
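Review bot: The two asserts ahead of `update_line` repeat the length expressions `_rl_screenwidth + visible_wrap_offset` and `_rl_screenwidth + (lmargin ? 0 : wrap_offset)` that are passed as arguments just below, so the check and the call can drift apart if only one is edited. Compute each length into a local once and use it in both the assert and the call, and add a comment stating that the bound being checked is start offset plus length against `line_size` for `visible_line` and `invisible_line`. These asserts only turn the overflow into an abort and disappear under `NDEBUG`, so an actual fix still has to keep the lengths within `line_size`, or grow the buffers, before the call.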
...

And it triggers standalone (that is, outside the testsuite) as follows:
...
$ TERM=dumb gdb -q -ex "set width 0"
gdb: /data/gdb_versions/devel/src/readline/display.c:1207: rl_redisplay:
Assertion `last_lmargin + (_rl_screenwidth + visible_wrap_offset) <= line_size'
failed.
Aborted (core dumped)
...
