Dear Maintainers,
I think here is a bug in
bash-2.05b/lib/glob/xmbsrtowcs.c
36 size_t
37 xmbsrtowcs (dest, src, len, pstate)
38 wchar_t *dest;
39 const char **src;
40 size_t len;
41 mbstate_t *pstate;
42 {
43 mbstate_t *ps;
44 size_t mblength, wclength, n;
45
46 ps = pstate;
47 if (pstate == NULL)
48 {
49 if (!local_state_use)
50 {
51 memset (&local_state, '\0', sizeof(mbstate_t));
52 local_state_use = 1;
53 }
54 ps = &local_state;
55 }
56
57 n = strlen(*src) + 1;
58
59 if (dest == NULL)
60 {
61 wchar_t *wsbuf;
62 char *mbsbuf, *mbsbuf_top;
63 mbstate_t psbuf;
64
65 wsbuf = (wchar_t *) malloc ((n + 1) * sizeof(wchar_t));
66 mbsbuf_top = mbsbuf = (char *) malloc (n + 1);
67 memcpy(mbsbuf, *src, n + 1);
The line 67 will cause bash to crash when
$ls *.o in some directory.
I think it should be
67 memcpy(mbsbuf, *src, n);
After I changed this, it won't crash again.
My machine is FreeBSD6.0 i686.
Sincerely yours
Zhouyi Zhou
Institute of Software
Chinese Academy of Sciences_______________________________________________
Bug-bash mailing list
Bug-bash@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-bash
