use-after-free in set -o vi mode
From: rtm
Subject: use-after-free in set -o vi mode
Date: Mon, 24 Jun 2024 14:51:19 -0400
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -g -O2 -flto=auto -ffat-lto-objects -flto=auto
-ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security
-Wall
uname output: Linux blob 6.5.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Fri
Apr 26 11:23:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu
Bash Version: 5.2
Patch Level: 15
Release Status: release
Description:
When I run bash under valgrind, and run set -o vi, and then type
ESC d 1 C
valgrind says
Invalid read of size 4
at 0x1D536A: _rl_vi_domove_motion_cleanup (vi_mode.c:1193)
by 0x1D5AA7: rl_vi_domove (vi_mode.c:1355)
by 0x1D5AA7: rl_vi_delete_to (vi_mode.c:1417)
by 0x1D168D: _rl_dispatch_subseq (readline.c:916)
by 0x1D1E37: _rl_dispatch (readline.c:860)
by 0x1D1E37: readline_internal_char (readline.c:675)
by 0x1D275C: readline_internal_charloop (readline.c:721)
by 0x1D275C: readline_internal (readline.c:733)
by 0x1D275C: readline (readline.c:387)
by 0x13C9A9: yy_readline_get (parse.y:1543)
by 0x13F432: yy_getc (parse.y:1477)
by 0x13F432: shell_getc (parse.y:2408)
by 0x141B1A: read_token.constprop.0 (parse.y:3418)
by 0x145E78: yylex (parse.y:2905)
by 0x145E78: yyparse (y.tab.c:1854)
by 0x13BF79: parse_command (eval.c:348)
by 0x13C107: read_command (eval.c:392)
by 0x13C2BD: reader_loop (eval.c:139)
Address 0x54c42c8 is 24 bytes inside a block of size 36 free'd
at 0x484810F: free (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x1D5C70: _rl_mvcxt_dispose (vi_mode.c:1150)
by 0x1D5C70: rl_vi_change_to (vi_mode.c:1523)
by 0x1D168D: _rl_dispatch_subseq (readline.c:916)
by 0x1D567A: rl_domove_motion_callback (vi_mode.c:1167)
by 0x1D5AA7: rl_vi_domove (vi_mode.c:1355)
by 0x1D5AA7: rl_vi_delete_to (vi_mode.c:1417)
by 0x1D168D: _rl_dispatch_subseq (readline.c:916)
by 0x1D1E37: _rl_dispatch (readline.c:860)
by 0x1D1E37: readline_internal_char (readline.c:675)
by 0x1D275C: readline_internal_charloop (readline.c:721)
by 0x1D275C: readline_internal (readline.c:733)
by 0x1D275C: readline (readline.c:387)
by 0x13C9A9: yy_readline_get (parse.y:1543)
by 0x13F432: yy_getc (parse.y:1477)
by 0x13F432: shell_getc (parse.y:2408)
by 0x141B1A: read_token.constprop.0 (parse.y:3418)
by 0x145E78: yylex (parse.y:2905)
by 0x145E78: yyparse (y.tab.c:1854)
Block was alloc'd at
at 0x4845828: malloc (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x1A6051: xmalloc (xmalloc.c:114)
by 0x1D5AD4: _rl_mvcxt_alloc (vi_mode.c:1142)
by 0x1D5AD4: rl_vi_delete_to (vi_mode.c:1386)
by 0x1D168D: _rl_dispatch_subseq (readline.c:916)
by 0x1D1E37: _rl_dispatch (readline.c:860)
by 0x1D1E37: readline_internal_char (readline.c:675)
by 0x1D275C: readline_internal_charloop (readline.c:721)
by 0x1D275C: readline_internal (readline.c:733)
by 0x1D275C: readline (readline.c:387)
by 0x13C9A9: yy_readline_get (parse.y:1543)
by 0x13F432: yy_getc (parse.y:1477)
by 0x13F432: shell_getc (parse.y:2408)
by 0x141B1A: read_token.constprop.0 (parse.y:3418)
by 0x145E78: yylex (parse.y:2905)
by 0x145E78: yyparse (y.tab.c:1854)
by 0x13BF79: parse_command (eval.c:348)
by 0x13C107: read_command (eval.c:392)
Repeat-By:
See above.
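
The three stacks in the report describe a re-entrancy lifetime problem: the block is allocated in rl_vi_delete_to, freed by rl_vi_change_to while it runs nested inside the motion callback, and then read again in the outer cleanup. The C sketch below is an added example, not part of the original message and not readline's code or its fix; it models that pattern with hypothetical names (`mvcxt`, `pending`, `cxt_get`, `delete_to_unsafe`, `delete_to_checked`) and assumes the nested operator shares the outer operator's context slot.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model, not readline's code: one shared operator-context slot. */
struct mvcxt { int op; };
static struct mvcxt *pending;
static unsigned long disposals;            /* bumped each time the slot is freed */

static struct mvcxt *cxt_get(int op) {
    if (pending == NULL) pending = calloc(1, sizeof *pending);
    if (pending != NULL) pending->op = op;
    return pending;
}
static void cxt_dispose(void) {
    if (pending != NULL) { free(pending); pending = NULL; disposals++; }
}

/* Inner operator (models 'C'): reuses the shared slot, frees it when done. */
static void change_to_eol(void) { if (cxt_get('c') != NULL) cxt_dispose(); }
/* Reading the motion re-enters dispatch; the key may itself be an operator. */
static void read_motion(int key) { if (key == 'C') change_to_eol(); }

/* Pattern the trace shows: m dangles once the nested operator frees the slot. */
int delete_to_unsafe(int key) {
    struct mvcxt *m = cxt_get('d');
    if (m == NULL) return -1;
    read_motion(key);
    int op = m->op;                        /* invalid read when key == 'C' */
    cxt_dispose();
    return op;
}

/* Hardened: detect that the slot was disposed underneath us and bail out. */
int delete_to_checked(int key) {
    struct mvcxt *m = cxt_get('d');
    unsigned long seen = disposals;
    if (m == NULL) return -1;
    read_motion(key);
    if (disposals != seen) return -2;      /* context gone: do not touch m */
    int op = m->op;
    cxt_dispose();
    return op;
}

int main(void) {
    printf("d w -> %d, d C -> %d\n", delete_to_checked('w'), delete_to_checked('C'));
    return 0;
}
```

Building the unsafe variant with `-fsanitize=address` or running it under valgrind with the key `'C'` reports the same shape of finding as above: a read inside a block freed further down the same call chain.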