On Fri, Jan 17, 2025 at 9:31 AM Chet Ramey <chet.ra...@case.edu> wrote:
>
> On 1/15/25 4:08 PM, Grisha Levit wrote:
> > Another undo list UAF. Related, I think, to edit-and-execute-command.
> >
> > HISTFILE= INPUTRC=/ bash --norc -in <<< $' \n\cP \cN\cP\cU\cX\cE\n\e<'
>
> I can't reproduce this on macOS.
>
I just tried a fresh build on macOS (15.2, arm64) and see the same result:

$ ./configure CFLAGS='-fsanitize=address'
$ make -j
$ HISTFILE= INPUTRC=/ ./bash --norc -in <<< $' \n\cP \cN\cP\cU\cX\cE\n\e<'
bash-5.3$ bash-5.3$ bash-5.3$ bash-5.3$
=================================================================
==41074==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300000a828 at pc 0x00010084622c bp 0x00016f951db0 sp 0x00016f951da8
READ of size 4 at 0x60300000a828 thread T0
    #0 0x100846228 in rl_do_undo+0x174 (/private/tmp/bld/bash:arm64+0x10039e228)
    #1 0x10084740c in rl_revert_line+0xa8 (/private/tmp/bld/bash:arm64+0x10039f40c)
    #2 0x1007ba1dc in readline_common_teardown+0xc4 (/private/tmp/bld/bash:arm64+0x1003121dc)
    #3 0x1007ba3d0 in readline_internal_teardown+0x138 (/private/tmp/bld/bash:arm64+0x1003123d0)