NetBSD Problem Report #54178

From www@netbsd.org  Wed May  8 21:14:36 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 104197A1C8
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  8 May 2019 21:14:36 +0000 (UTC)
Message-Id: <20190508211435.321F97A1D6@mollari.NetBSD.org>
Date: Wed,  8 May 2019 21:14:35 +0000 (UTC)
From: jperkins+netbsd@google.com
Reply-To: jperkins+netbsd@google.com
To: gnats-bugs@NetBSD.org
Subject: libedit: parse_line should fail if tok_wstr fails
X-Send-Pr-Version: www-1.0

>Number:         54178
>Category:       lib
>Synopsis:       libedit: parse_line should fail if tok_wstr fails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 08 21:15:00 +0000 2019
>Originator:     Jonathan Perkins
>Release:        Sources as of 2019/05/08
>Organization:
Google
>Environment:
>Description:
In parse.c, libedit doesn't check the return of tok_wstr:
	tok_wstr(tok, line, &argc, &argv);
	argc = el_wparse(el, argc, argv);
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit/parse.c?rev=1.41&content-type=text/x-cvsweb-markup&only_with_tag=MAIN

An unmatched quote causes tok_wstr to fail.  In that case, argc may be uninitialized/non-zero.  Then el_wparse is getting called with an uninitialized argc and argv, typically resulting in a segfault.

The simple fix to this is to check the return value on tok_wstr, although initializing argc to 0 may also help.
>How-To-Repeat:
1) Start a program with a libedit prompt in emacs mode.
2) "alt-x" to be able to enter bindings.
3) "'" -- enter a single, unpaired quote
>Fix:
--- old/parse.c
+++ new/parse.c
@@ -82,11 +82,13 @@ libedit_private int
 parse_line(EditLine *el, const wchar_t *line)
 {
 	const wchar_t **argv;
-	int argc;
+	int argc = 0;
 	TokenizerW *tok;

 	tok = tok_winit(NULL);
-	tok_wstr(tok, line, &argc, &argv);
+	if (tok_wstr(tok, line, &argc, &argv) != 0) {
+		return -1;
+	}
 	argc = el_wparse(el, argc, argv);
 	tok_wend(tok);
 	return argc;
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.