On Mon, Dec 2, 2024 at 1:56 PM Chet Ramey <chet.ra...@case.edu> wrote:
>
> On 11/18/24 10:22 PM, Grisha Levit wrote:
> > But here's a remaining one in combination with history-expand-line:
>
> Thanks for the report. I'm not sure what to do about this one yet.
>
> >
> >     HISTFILE= INPUTRC=/ bash --norc -in <<< \
> >         $'X\n\e[A!X\e^\e[A'
> >     =================================================================
> >     ERROR: LeakSanitizer: detected memory leaks
> >
> There will be a fix for the use-after-free problem in the next devel
> branch push.

FWIW there's still a use-after-free with something like:

    HISTFILE= INPUTRC=/ bash --norc -in <<< $'X\n\cPX\cR\n!\e3X\e^\n\cP'
    =================================================================
    ERROR: AddressSanitizer: heap-use-after-free on address 0xe1c25e821f48
    READ of size 4 at 0xe1c25e821f48 thread T0
        #0 rl_do_undo undo.c:188:25
        #1 rl_revert_line undo.c:339:2
        #2 readline_common_teardown readline.c:493:7
        #3 readline_internal_teardown readline.c:518:3
        #4 readline_internal readline.c:750:11
        #5 readline readline.c:387:11

    0xe1c25e821f48 is located 24 bytes inside of 32-byte region [0xe1c25e821f30,0xe1c25e821f50)
    freed by thread T0 here:
        #2 _rl_free_undo_list undo.c:111:7
        #3 rl_free_undo_list undo.c:122:3
        #4 readline_common_teardown readline.c:507:5
        #5 readline_internal_teardown readline.c:518:3
        #6 readline_internal readline.c:750:11
        #7 readline readline.c:387:11

    previously allocated by thread T0 here:
        #2 alloc_undo_entry undo.c:75:23
        #3 rl_add_undo undo.c:92:10
        #4 rl_insert_text text.c:114:2
        #5 _rl_insert_char text.c:935:7
        #6 rl_insert text.c:989:42
        #7 _rl_dispatch_subseq readline.c:941:8
        #8 _rl_dispatch readline.c:876:10
        #9 readline_internal_char readline.c:690:11
        #10 readline_internal_charloop readline.c:737:11
        #11 readline_internal readline.c:749:18
        #12 readline readline.c:387:11