READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-001 Bug-Reported-by: Sean Zha Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html Bug-Description: Readline-7.0 changed the way the history list is initially allocated to reduce the number of reallocations and copies. Users who set the readline history-size variable to a very large number to essentially unlimit the size of the history list will get memory allocation errors Patch (apply with `patch -p0'): *** ../readline-7.0/history.c 2015-12-28 13:50:31.000000000 -0500 --- history.c 2016-09-30 14:28:40.000000000 -0400 *************** *** 58,61 **** --- 58,63 ---- #define DEFAULT_HISTORY_INITIAL_SIZE 502 + #define MAX_HISTORY_INITIAL_SIZE 8192 + /* The number of slots to increase the_history by. */ #define DEFAULT_HISTORY_GROW_SIZE 50 *************** *** 308,312 **** { if (history_stifled && history_max_entries > 0) ! history_size = history_max_entries + 2; else history_size = DEFAULT_HISTORY_INITIAL_SIZE; --- 310,316 ---- { if (history_stifled && history_max_entries > 0) ! history_size = (history_max_entries > MAX_HISTORY_INITIAL_SIZE) ! ? MAX_HISTORY_INITIAL_SIZE ! : history_max_entries + 2; else history_size = DEFAULT_HISTORY_INITIAL_SIZE; *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 0 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 1 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-002 Bug-Reported-by: Hong Cho Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2016-12/msg00002.html Bug-Description: There is a race condition in add_history() that can be triggered by a fatal signal arriving between the time the history length is updated and the time the history list update is completed. A later attempt to reference an invalid history entry can cause a crash. Patch (apply with `patch -p0'): *** ../readline-7.0-patched/history.c 2016-11-11 13:42:49.000000000 -0500 --- history.c 2016-12-05 10:37:51.000000000 -0500 *************** *** 280,283 **** --- 280,284 ---- { HIST_ENTRY *temp; + int new_length; if (history_stifled && (history_length == history_max_entries)) *************** *** 296,306 **** /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ - #if 0 - for (i = 0; i < history_length; i++) - the_history[i] = the_history[i + 1]; - #else memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); - #endif history_base++; } --- 297,303 ---- /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); + new_length = history_length; history_base++; } *************** *** 316,320 **** history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! history_length = 1; } else --- 313,317 ---- history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! new_length = 1; } else *************** *** 326,330 **** xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! history_length++; } } --- 323,327 ---- xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! new_length = history_length + 1; } } *************** *** 332,337 **** temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[history_length] = (HIST_ENTRY *)NULL; ! the_history[history_length - 1] = temp; } --- 329,335 ---- temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[new_length] = (HIST_ENTRY *)NULL; ! the_history[new_length - 1] = temp; ! history_length = new_length; } *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 1 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 2 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-003 Bug-Reported-by: Frédéric Brière Bug-Reference-ID: <20170120180724.7ydq7fb2hsp366dj@fabul.fbriere.net> Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html Bug-Description: Readline-7.0 uses pselect(2) to allow readline to handle signals that do not interrupt read(2), such as SIGALRM, before reading another character. The signal mask used in the pselect call did not take into account signals the calling application blocked before calling readline(). Patch (apply with `patch -p0'): *** ../readline-7.0-patched/input.c 2016-08-30 10:21:47.000000000 -0400 --- input.c 2017-01-23 10:21:56.000000000 -0500 *************** *** 514,517 **** --- 514,518 ---- #if defined (HAVE_PSELECT) sigemptyset (&empty_set); + sigprocmask (SIG_BLOCK, (sigset_t *)NULL, &empty_set); FD_ZERO (&readfds); FD_SET (fileno (stream), &readfds); *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 2 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 3