25216284 problem in UTILITY/TCSH
author Rich Burridge <rich.burridge@oracle.com>
Thu, 08 Dec 2016 07:04:47 -0800
changeset 7462 b70b1d023c26
parent 7461 fae95a5b122f
child 7465 77b12a9cd053
components/tcsh/patches/010.out-of-bounds.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/tcsh/patches/010.out-of-bounds.patch	Thu Dec 08 07:04:47 2016 -0800
@@ -0,0 +1,21 @@
+Fix out of bounds read (Brooks Davis)
+(reproduce by starting tcsh and hitting tab at the prompt)
+
+See:
+http://mx.gw.com/pipermail/tcsh-bugs/2016-December/001103.html
+for more details.
+
+Upstream fix at:
+https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596
+
+--- tcsh-6.19.00/ed.chared.c.orig	2016-12-07 06:26:09.076227132 +0000
++++ tcsh-6.19.00/ed.chared.c	2016-12-07 06:26:41.976633276 +0000
[email protected]@ -750,7 +750,7 @@
+     /*
+      * If we found a history character, go expand it.
+      */
+-    if (HIST != '\0' && *p == HIST)
++    if (p >= InputBuf && HIST != '\0' && *p == HIST)
+ 	nr_exp = c_excl(p);
+     else
+         nr_exp = 0;
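Review bot: The added `p >= InputBuf` test in the `if` at line 750 of ed.chared.c protects only this one read of `*p`, and the context lines do not show where `p` is set or whether it is dereferenced again after the `else`, so please confirm against the full function that no later use is reachable with `p < InputBuf`. The comment above the `if` still describes only the history-character case; a short remark that `p` can sit before the start of the buffer (the tab-at-empty-prompt case named in the patch header) would explain why the bound is checked. The patch header links the upstream commit but does not say which upstream release contains it; noting that would make it clear when 010.out-of-bounds.patch can be dropped.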