From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 7093 invoked by alias); 17 Feb 2015 09:49:18 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List
List-Post:
List-Help:
X-Seq: 34563
Received: (qmail 28808 invoked from network); 17 Feb 2015 09:49:15 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level:
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	SPF_HELO_PASS autolearn=ham version=3.3.2
X-AuditID: cbfec7f4-b7f126d000001e9a-49-54e30baa01d7
Date: Tue, 17 Feb 2015 09:39:07 +0000
From: Peter Stephenson
To: zsh workers
Subject: Re: PATCH: Crash bug on garbage input (previously reported to Debian)
Message-id: <20150217093907.7f94af49@pwslap01u.europe.root.pri>
In-reply-to:
References: <150214102534.ZM4368@torch.brasslantern.com>
	<20150214214209.6d2f5e7e@ntlworld.com>
	<150215112622.ZM11584@torch.brasslantern.com>
	<20150216125749.7a26822c@pwslap01u.europe.root.pri>
	<20150216170413.054623af@pwslap01u.europe.root.pri>
Organization: Samsung Cambridge Solution Centre
X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.0; i386-redhat-linux-gnu)
MIME-version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit

On Tue, 17 Feb 2015 10:02:14 +0100 Mikael Magnusson wrote:
> Coverity complains that ingetcline is not freed in the above path.
> +free(ingetcline); here?

Yes, that's missing, and we might as well handle the other branch now
it's working --- I didn't bother when fixing the bug but it's not
exactly difficult to do.

pws

diff --git a/Src/input.c b/Src/input.c index f919e57..92b1ad1 100644 --- a/Src/input.c +++ b/Src/input.c 
@@ -348,12 +348,13 @@ inputline(void) int oldlen = (int)(inbufptr - inbuf) + inbufleft; if (inbufflags & INP_FREE) { inbuf = realloc(inbuf, oldlen + newlen + 1); - inbufptr += inbuf - oinbuf; - strcpy(inbuf + oldlen, ingetcline); } else { - /* Paranoia: don't think this is used */ - DPUTS(1, "Appending to unallocated input line."); + inbuf = zalloc(oldlen + newlen + 1); + memcpy(inbuf, oinbuf, oldlen); } + inbufptr += inbuf - oinbuf; + strcpy(inbuf + oldlen, ingetcline); + free(ingetcline); inbufleft += newlen; inbufct += newlen; inbufflags |= INP_FREE;
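
Review bot: the added `inbufptr += inbuf - oinbuf;` after the if/else subtracts a pointer into the old buffer from a pointer into the new one, which is undefined behaviour in C whenever `realloc` has moved the block or `zalloc` has returned a fresh one, and in the `realloc` case `oinbuf` no longer points at live memory. Taking the offset first (`inbufptr - oinbuf`, computed before the reallocation) and then setting `inbufptr` to `inbuf` plus that offset gives the same result without relying on cross-object pointer arithmetic. The `realloc` result is also stored straight into `inbuf` with no NULL check, so a failed allocation loses the old buffer and the following `strcpy(inbuf + oldlen, ingetcline)` writes through an invalid pointer. Since the "Paranoia" comment is removed, a one-line comment in the else branch saying that the old buffer is deliberately not freed there because `INP_FREE` was not set would help the next reader.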