use-after-free in rl_display_match

bug-readline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

use-after-free in rl_display_match_list

From:	Grisha Levit
Subject:	use-after-free in rl_display_match_list
Date:	Mon, 20 Mar 2023 12:55:16 -0400

A SIGINT received during get_y_or_n in display_matches can leave
rl_display_match_list working with an already-freed matches array.

The check below should prevent this:

diff --git a/lib/readline/complete.c b/lib/readline/complete.c
index 2016d393..d6dd7dca 100644
--- a/lib/readline/complete.c
+++ b/lib/readline/complete.c
@@ -1745,7 +1745,8 @@ display_matches (char **matches)
  }
     }

-  rl_display_match_list (matches, len, max);
+  if (_rl_complete_display_matches_interrupt == 0)
+    rl_display_match_list (matches, len, max);

   rl_forced_update_display ();
   rl_display_fixed = 1;

[Prev in Thread]

Current Thread

[Next in Thread]

use-after-free in rl_display_match_list, Grisha Levit <=
- Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/20
  - Re: use-after-free in rl_display_match_list, Chet Ramey, 2023/03/22
    - Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/22
    - Re: use-after-free in rl_display_match_list, Chet Ramey, 2023/03/22
    - Re: use-after-free in rl_display_match_list, Grisha Levit, 2023/03/22

Prev by Date: Re: asan report in postproc_subst_rhs
Next by Date: Re: use-after-free in rl_display_match_list
Previous by thread: asan report in postproc_subst_rhs
Next by thread: Re: use-after-free in rl_display_match_list
Index(es):
- Date
- Thread