Module Name: src
Committed By: christos
Date: Sat Jun 29 14:09:35 UTC 2024
Modified Files:
src/lib/libedit: emacs.c
Log Message:
Retrieve the cursor position after calling c_insert, because c_insert could
enlarge the line buffer making the old cursor position point to freed memory.
>From Robert Morris https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279772
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/lib/libedit/emacs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libedit/emacs.c
diff -u src/lib/libedit/emacs.c:1.36 src/lib/libedit/emacs.c:1.37
--- src/lib/libedit/emacs.c:1.36 Mon May 9 17:46:56 2016
+++ src/lib/libedit/emacs.c Sat Jun 29 10:09:35 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: emacs.c,v 1.36 2016/05/09 21:46:56 christos Exp $ */
+/* $NetBSD: emacs.c,v 1.37 2024/06/29 14:09:35 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)emacs.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: emacs.c,v 1.36 2016/05/09 21:46:56 christos Exp $");
+__RCSID("$NetBSD: emacs.c,v 1.37 2024/06/29 14:09:35 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -134,11 +134,11 @@ em_yank(EditLine *el, wint_t c __attribu
return CC_ERROR;
el->el_chared.c_kill.mark = el->el_line.cursor;
- cp = el->el_line.cursor;
/* open the space, */
c_insert(el,
(int)(el->el_chared.c_kill.last - el->el_chared.c_kill.buf));
+ cp = el->el_line.cursor;
/* copy the chars */
for (kp = el->el_chared.c_kill.buf; kp < el->el_chared.c_kill.last; kp++)
*cp++ = *kp;
@@ -448,12 +448,12 @@ em_copy_prev_word(EditLine *el, wint_t c
if (el->el_line.cursor == el->el_line.buffer)
return CC_ERROR;
- oldc = el->el_line.cursor;
/* does a bounds check */
cp = c__prev_word(el->el_line.cursor, el->el_line.buffer,
el->el_state.argument, ce__isword);
c_insert(el, (int)(oldc - cp));
+ oldc = el->el_line.cursor;
for (dp = oldc; cp < oldc && dp < el->el_line.lastchar; cp++)
*dp++ = *cp;
