equal
deleted
inserted
replaced
|
1 Fix out of bounds read (Brooks Davis) |
|
2 (reproduce by starting tcsh and hitting tab at the prompt) |
|
3 |
|
4 See: |
|
5 http://mx.gw.com/pipermail/tcsh-bugs/2016-December/001103.html |
|
6 for more details. |
|
7 |
|
8 Upstream fix at: |
|
9 https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 |
|
10 |
|
11 --- tcsh-6.19.00/ed.chared.c.orig 2016-12-07 06:26:09.076227132 +0000 |
|
12 +++ tcsh-6.19.00/ed.chared.c 2016-12-07 06:26:41.976633276 +0000 |
|
13 @@ -750,7 +750,7 @@ |
|
14 /* |
|
15 * If we found a history character, go expand it. |
|
16 */ |
|
17 - if (HIST != '\0' && *p == HIST) |
|
18 + if (p >= InputBuf && HIST != '\0' && *p == HIST) |
|
19 nr_exp = c_excl(p); |
|
20 else |
|
21 nr_exp = 0; |