There's some issue with undo list handling in history-search-* commands:

Doing a successful search with a line that has an undo list causes the
undo entries from that list to be leaked:

HISTFILE= INPUTRC=/ bash --norc -in <<< $'X\nX\e[5~'
=================================================================
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
     #2 alloc_undo_entry                 undo.c:75:23
     #3 rl_add_undo                      undo.c:92:10
     #4 rl_insert_text                   text.c:114:2
     #5 _rl_insert_char                  text.c:935:7
     #6 rl_insert                        text.c:989:42
     #7 _rl_dispatch_subseq              readline.c:941:8
     #8 _rl_dispatch                     readline.c:876:10
     #9 readline_internal_char           readline.c:690:11
    #10 readline_internal_charloop       readline.c:737:11
    #11 readline_internal                readline.c:749:18
    #12 readline                         readline.c:387:11


...and running the search again causes a use-after-free when accessing
prev_line_found in rl_history_search_internal:

HISTFILE= INPUTRC=/ bash --norc -in <<< $'X\nX\nX\e[5~\e[5~'
=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0xe53d8842ae50
READ of size 1 at 0xe53d8842ae50 thread T0
     #0 rl_history_search_internal       search.c:634:30
     #1 rl_history_search_backward       search.c:746:11
     #2 _rl_dispatch_subseq              readline.c:941:8

0xe53d8842ae50 is 0 bytes in 2-byte region [0xe53d8842ae50,0xe53d8842ae52)
freed by thread T0 here:
     #2 _rl_maybe_replace_line           misc.c:344:7
     #3 rl_history_search_internal       search.c:609:3
     #4 rl_history_search_backward       search.c:746:11
     #5 _rl_dispatch_subseq              readline.c:941:8

previously allocated by thread T0 here:
     #2 alloc_history_entry              history.c:296:25
     #3 add_history                      history.c:428:10
     #4 really_add_history               bashhist.c:963:3
     #5 bash_add_history                 bashhist.c:948:5


...or when using revert-all-at-newline:

echo 'set revert-all-at-newline on' > i
HISTFILE= INPUTRC=i bash --norc -in <<< $'X\nX\e[5~\exnext-history\nX'
=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0xef01e9428830
READ of size 8 at 0xef01e9428830 thread T0
     #0 _rl_free_undo_list               undo.c:106:16
     #1 rl_free_undo_list                undo.c:122:3
     #2 readline_common_teardown         readline.c:507:5
     #3 readline_internal_teardown       readline.c:518:3

0xef01e9428830 is 0 bytes in 32-byte region [0xef01e9428830,0xef01e9428850)
freed by thread T0 here:
     #2 rl_do_undo                       undo.c:267:7
     #3 _rl_revert_previous_lines        misc.c:500:6
     #4 _rl_revert_all_lines             misc.c:530:3
     #5 readline_common_teardown         readline.c:502:5
     #6 readline_internal_teardown       readline.c:518:3

previously allocated by thread T0 here:
     #2 alloc_undo_entry                 undo.c:75:23
     #3 rl_add_undo                      undo.c:92:10
     #4 rl_end_undo_group                undo.c:305:3
     #5 _rl_replace_text                 text.c:205:3
     #6 make_history_line_current        search.c:134:3
     #7 rl_history_search_internal       search.c:667:3
     #8 rl_history_search_backward       search.c:746:11
