Subject: Re: [Bug-readline] heap-buffer-overflow in update_line
To: chet.ramey@case.edu, bug-readline@gnu.org
Cc: gdb-patches@sourceware.org, Pedro Alves
From: Tom de Vries Message-ID: Date: Thu, 23 May 2019 07:33:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-05/txt/msg00532.txt.bz2 On 20-05-19 22:14, Chet Ramey wrote: > On 5/17/19 10:59 AM, Tom de Vries wrote: > >> Either way, I'm open for suggestions that make gdb call >> rl_set_screen_size with legal parameters, and disable features like >> horizontal scrolling to get unformatted output for the testsuite run. > > Here's a patch that will prevent the huge values for the screen width from > causing at least one issue with line_size: > > *** ../readline-8.0-patched/display.c 2018-09-30 21:37:48.000000000 -0400 > --- display.c 2019-05-16 16:50:44.000000000 -0400 > *************** > *** 604,607 **** > --- 604,610 ---- > register int n; > > + if (line_size <= _rl_screenwidth) /* XXX - for gdb */ > + line_size = _rl_screenwidth + 1; > + > if (invisible_line == 0) /* initialize it */ > { > > You're still going to have to deal with some horizontal scrolling if the > input line gets long enough. > Hi Chet, thanks for the patch. I've tried it out (together with the assert mentioned earlier) and found that indeed it fixes the assert for the reported scenario: ... $ TERM=dumb ./gdb -q -ex "set width 0" (gdb) ... but I still ran into the assert by typing the command instead of using "-ex": ... $ TERM=dumb ./gdb -q (gdb) set width 0 gdb: display.c:1214: rl_redisplay: Assertion `last_lmargin + (_rl_screenwidth + visible_wrap_offset) <= line_size' failed. Aborted (core dumped) ... Using this additional bit: ... 
@@ -528,6 +533,8 @@ rl_redisplay () init_line_structures (0); rl_on_new_line (); } + else if (line_size <= _rl_screenwidth) + init_line_structures (_rl_screenwidth + 1); /* Draw the line into the buffer. */ cpos_buffer_position = -1; ... I managed to fix the assert also in this scenario, and managed to run the entire gdb testsuite without triggering the assert. Is that a good code change? Thanks, - Tom
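Review bot: In the quoted display.c hunk at line 604, the new guard only assigns `line_size = _rl_screenwidth + 1;`, and the only allocation visible after it is the first-time `if (invisible_line == 0)` branch. If the line buffers already exist at the old size when the width grows, `line_size` would then claim more room than was allocated. The reply's report that the assertion still fires when `set width 0` is typed at the prompt fits that. Please confirm the already-initialized path also grows the buffers to the new `line_size`, and replace the `/* XXX - for gdb */` comment with the invariant being enforced (the buffers must hold more than one screen width), so the check is not read as application-specific.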
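Review bot: In the `rl_redisplay` hunk (@@ -528,6 +533,8), the added `else if` branch calls `init_line_structures (_rl_screenwidth + 1)` without the `rl_on_new_line ()` call that follows `init_line_structures (0)` in the branch just above it. Please state whether the display state needs resetting after a reallocation in mid-session, or add a comment on why it does not. The argument `_rl_screenwidth + 1` is also unbounded: the thread describes "huge values for the screen width", so the branch allocates in proportion to whatever the application set, and the `+ 1` would overflow if the width could reach the maximum of its type. A documented upper bound on the width, checked where the width is set, would cover both this branch and the identical `line_size <= _rl_screenwidth` test in the earlier hunk, which could then share a single helper.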