| author | Alan Coopersmith <Alan.Coopersmith@Oracle.COM> |
| Sun, 26 Mar 2017 13:26:42 -0700 | |
| changeset 7803 | bab5480f2396 |
| parent 7462 | b70b1d023c26 |
| permissions | -rw-r--r-- |
|
7462
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
Fix out of bounds read (Brooks Davis) |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
(reproduce by starting tcsh and hitting tab at the prompt) |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
3 |
|
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
See: |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
5 |
http://mx.gw.com/pipermail/tcsh-bugs/2016-December/001103.html |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
6 |
for more details. |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
7 |
|
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
8 |
Upstream fix at: |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
|
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
11 |
--- tcsh-6.19.00/ed.chared.c.orig 2016-12-07 06:26:09.076227132 +0000 |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
+++ tcsh-6.19.00/ed.chared.c 2016-12-07 06:26:41.976633276 +0000 |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
13 |
@@ -750,7 +750,7 @@ |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
14 |
/* |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
15 |
* If we found a history character, go expand it. |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
16 |
*/ |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
17 |
- if (HIST != '\0' && *p == HIST) |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
18 |
+ if (p >= InputBuf && HIST != '\0' && *p == HIST) |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
19 |
nr_exp = c_excl(p); |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
20 |
else |
|
b70b1d023c26
25216284 problem in UTILITY/TCSH
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
21 |
nr_exp = 0; |