[Bug 7256] New: vi.c: insert_char accesses memory that may no longer be valid

bugzilla at busybox.net bugzilla at busybox.net
Tue Jul 1 17:22:49 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=7256

           Summary: vi.c: insert_char accesses memory that may no longer
                    be valid
           Product: Busybox
           Version: 1.22.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: marko.mahnic at gmail.com
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


1. the pointer sp points to p: sp = p;
2. stupid_insert inserts at p which may cause a reallocation of text
3. p is adjusted to the reallocated text
4. sp still points to the old location which is most likely invalid
5. sp is used in: strchr(")]}", *sp), showmatching(sp)

// line 1838
#if ENABLE_FEATURE_VI_SETOPTS
        // insert a char into text[]
        char *sp;        // "save p"
#endif

        if (c == 13)
            c = '\n';    // translate \r to \n
#if ENABLE_FEATURE_VI_SETOPTS
        sp = p;            // remember addr of insert
#endif
        p += 1 + stupid_insert(p, c);    // insert the char
#if ENABLE_FEATURE_VI_SETOPTS
        if (showmatch && strchr(")]}", *sp) != NULL) {
            showmatching(sp);
        }

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
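The sequence in the report, reduced to a stand-alone C sketch. This is an added example, not BusyBox code: `struct buf`, `buf_insert` and `insert_char_safe` are hypothetical stand-ins for `text[]`, `stupid_insert` and `insert_char`. It keeps the insert position as an offset and rebuilds `sp` from the current base after the insert, so the bracket check never reads through a pointer saved before the buffer moved.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for vi's text[]; all names here are hypothetical. */
struct buf { char *text; size_t len, cap; };

static void buf_init(struct buf *b, size_t cap)   /* cap must be >= 1 */
{
    b->text = malloc(cap);
    if (!b->text) abort();
    b->len = 0; b->cap = cap;
}

/* Insert c at p. When full, storage is replaced (malloc, copy, free), so it
 * always moves here; with realloc it only may move. Returns new position. */
static char *buf_insert(struct buf *b, char *p, char c)
{
    size_t off = (size_t)(p - b->text);
    if (b->len == b->cap) {
        char *nt = malloc(b->cap * 2);
        if (!nt) abort();
        memcpy(nt, b->text, b->len);
        free(b->text);
        b->text = nt; b->cap *= 2;
    }
    memmove(b->text + off + 1, b->text + off, b->len - off);
    b->text[off] = c; b->len++;
    return b->text + off;
}

/* Hardened pattern: sp is derived from the current base after the insert.
 * *moved reports whether a pointer saved before the insert would be stale.
 * Returns 1 if the inserted char is one of ")]}". */
static int insert_char_safe(struct buf *b, size_t at, char c, int *moved)
{
    uintptr_t old_base = (uintptr_t)b->text; /* compared, never dereferenced */
    char *p = buf_insert(b, b->text + at, c);
    char *sp = b->text + at;                 /* derived after the insert */
    *moved = ((uintptr_t)b->text != old_base);
    return sp == p && strchr(")]}", *sp) != NULL;
}

int main(void)
{
    struct buf b; int moved;
    buf_init(&b, 2);
    insert_char_safe(&b, 0, 'a', &moved); insert_char_safe(&b, 1, 'b', &moved);
    return !(insert_char_safe(&b, 1, ')', &moved) && moved); /* 0 = ok */
}
```

Building the unmodified pattern from the report with AddressSanitizer (`-fsanitize=address`) is one way to confirm the stale read when the insert triggers a reallocation.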

