11661 – SegFault on fdisk, hexedit, ed due to read_line_edit dereferencing state->hist_file

Bug 11661 - SegFault on fdisk, hexedit, ed due to read_line_edit dereferencing state->hist_file

Summary: SegFault on fdisk, hexedit, ed due to read_line_edit dereferencing state->his...

Status:	RESOLVED FIXED

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	1.29.x
Hardware:	All Linux

Importance:	P5 major
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-02-02 12:02 UTC by Takahiro
Modified:	2019-02-04 15:17 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
fix suggestion for lineedit.c (500 bytes, application/octet-stream) 2019-02-02 12:02 UTC, Takahiro	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Takahiro 2019-02-02 12:02:02 UTC

Created attachment 7936 [details]
fix suggestion for lineedit.c

fdisk, hexedit and ed calls read_line_edit in libbb/lineedit.c with NULL as first argument. On line 2373 of lineedit.c of busybox version 1.29.3, state->hist_file is referenced without checking the state->flag.

This causes segmentation fault on fdisk, hexedit and ed on ARM Cortex-A9.
It somehow works on x86_64.

Attached is a fix suggestion for lineedit.c

Comment 1 Denys Vlasenko 2019-02-04 15:17:21 UTC

Fixed in git, thanks!