| Summary: | vi.c: insert_char accesses memory that may no longer be valid | | |
|---|---|---|---|
| Product: | Busybox | Reporter: | Marko Mahnič <marko.mahnic> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | busybox-cvs, marko.mahnic |
| Priority: | P5 | | |
| Version: | 1.22.x | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Host: | | Target: | |
| Build: | | | |

Fixed in git, thanks!

1. the pointer sp points to p: `sp = p;`
2. stupid_insert inserts at p which may cause a reallocation of text
3. p is adjusted to the reallocated text
4. sp still points to the old location which is most likely invalid
5. sp is used in: `strchr(")]}", *sp)`, `showmatching(sp)`

```c
// line 1838
#if ENABLE_FEATURE_VI_SETOPTS
		// insert a char into text[]
		char *sp;		// "save p"
#endif

		if (c == 13)
			c = '\n';	// translate \r to \n
#if ENABLE_FEATURE_VI_SETOPTS
		sp = p;		// remember addr of insert
#endif
		p += 1 + stupid_insert(p, c);	// insert the char
#if ENABLE_FEATURE_VI_SETOPTS
		if (showmatch && strchr(")]}", *sp) != NULL) {
			showmatching(sp);
		}
```
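
The stale-pointer pattern from the report, reduced to a self-contained sketch that avoids it by re-deriving the pointer after the insert instead of saving one before it. This is an added example, not Busybox code and not the fix that was committed; `struct buf`, `buf_insert`, `insert_and_check` and `demo` are hypothetical names, and the sample text is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of an editor text buffer (not Busybox's own). */
struct buf { char *text; size_t len, cap; };

/* Insert c at p. When the buffer is full the text moves to a new block and
 * the old block is freed, so any pointer saved before the call dangles.
 * Returns the address of the inserted char in the current block, or NULL. */
static char *buf_insert(struct buf *b, char *p, char c)
{
    size_t off = (size_t)(p - b->text);   /* an offset survives relocation */
    if (b->len == b->cap) {
        size_t ncap = b->cap * 2 + 8;
        char *nt = malloc(ncap);
        if (!nt) return NULL;
        memcpy(nt, b->text, b->len);
        free(b->text);                    /* the saved "sp" would point here */
        b->text = nt;
        b->cap = ncap;
    }
    memmove(b->text + off + 1, b->text + off, b->len - off);
    b->text[off] = c;
    b->len++;
    return b->text + off;
}

/* Safe form of the reported sequence: no pointer is kept across the insert.
 * Returns 1 if the inserted char is a closing bracket, 0 if not, -1 on
 * allocation failure. *moved reports whether the text was relocated. */
static int insert_and_check(struct buf *b, size_t off, char c, int *moved)
{
    uintptr_t old_base = (uintptr_t)b->text;  /* compared, never dereferenced */
    char *p = buf_insert(b, b->text + off, c);
    if (!p) return -1;
    *moved = ((uintptr_t)b->text != old_base);
    return strchr(")]}", *p) != NULL;         /* *p reads the live block */
}

/* Constructed input: an exactly full 4-byte buffer, so the insert relocates. */
static int demo(int *moved)
{
    struct buf b = { malloc(4), 4, 4 };
    if (!b.text) return -1;
    memcpy(b.text, "f(x;", 4);
    int r = insert_and_check(&b, 3, ')', moved);
    int ok = (r == 1 && b.len == 5 && memcmp(b.text, "f(x);", 5) == 0);
    free(b.text);
    return ok;
}

int main(void) { int m = 0; return demo(&m) == 1 ? 0 : 1; }
```

Building the original pattern with `-fsanitize=address` is a quick way to confirm this class of bug, since the read through the saved pointer is reported as a heap-use-after-free whenever the insert relocates the text.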