READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-001 Bug-Reported-by: Sean Zha Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html Bug-Description: Readline-7.0 changed the way the history list is initially allocated to reduce the number of reallocations and copies. Users who set the readline history-size variable to a very large number to essentially unlimit the size of the history list will get memory allocation errors Patch (apply with `patch -p0'): *** ../readline-7.0/history.c 2015-12-28 13:50:31.000000000 -0500 --- history.c 2016-09-30 14:28:40.000000000 -0400 *************** *** 58,61 **** --- 58,63 ---- #define DEFAULT_HISTORY_INITIAL_SIZE 502 + #define MAX_HISTORY_INITIAL_SIZE 8192 + /* The number of slots to increase the_history by. */ #define DEFAULT_HISTORY_GROW_SIZE 50 *************** *** 308,312 **** { if (history_stifled && history_max_entries > 0) ! history_size = history_max_entries + 2; else history_size = DEFAULT_HISTORY_INITIAL_SIZE; --- 310,316 ---- { if (history_stifled && history_max_entries > 0) ! history_size = (history_max_entries > MAX_HISTORY_INITIAL_SIZE) ! ? MAX_HISTORY_INITIAL_SIZE ! : history_max_entries + 2; else history_size = DEFAULT_HISTORY_INITIAL_SIZE; *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 0 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 1 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-002 Bug-Reported-by: Hong Cho Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2016-12/msg00002.html Bug-Description: There is a race condition in add_history() that can be triggered by a fatal signal arriving between the time the history length is updated and the time the history list update is completed. A later attempt to reference an invalid history entry can cause a crash. Patch (apply with `patch -p0'): *** ../readline-7.0-patched/history.c 2016-11-11 13:42:49.000000000 -0500 --- history.c 2016-12-05 10:37:51.000000000 -0500 *************** *** 280,283 **** --- 280,284 ---- { HIST_ENTRY *temp; + int new_length; if (history_stifled && (history_length == history_max_entries)) *************** *** 296,306 **** /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ - #if 0 - for (i = 0; i < history_length; i++) - the_history[i] = the_history[i + 1]; - #else memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); - #endif history_base++; } --- 297,303 ---- /* Copy the rest of the entries, moving down one slot. Copy includes trailing NULL. */ memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); + new_length = history_length; history_base++; } *************** *** 316,320 **** history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! history_length = 1; } else --- 313,317 ---- history_size = DEFAULT_HISTORY_INITIAL_SIZE; the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); ! new_length = 1; } else *************** *** 326,330 **** xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! history_length++; } } --- 323,327 ---- xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); } ! new_length = history_length + 1; } } *************** *** 332,337 **** temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[history_length] = (HIST_ENTRY *)NULL; ! the_history[history_length - 1] = temp; } --- 329,335 ---- temp = alloc_history_entry ((char *)string, hist_inittime ()); ! the_history[new_length] = (HIST_ENTRY *)NULL; ! the_history[new_length - 1] = temp; ! history_length = new_length; } *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 1 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 2 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-003 Bug-Reported-by: Frédéric Brière Bug-Reference-ID: <20170120180724.7ydq7fb2hsp366dj@fabul.fbriere.net> Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html Bug-Description: Readline-7.0 uses pselect(2) to allow readline to handle signals that do not interrupt read(2), such as SIGALRM, before reading another character. The signal mask used in the pselect call did not take into account signals the calling application blocked before calling readline(). Patch (apply with `patch -p0'): *** ../readline-7.0-patched/input.c 2016-08-30 10:21:47.000000000 -0400 --- input.c 2017-01-23 10:21:56.000000000 -0500 *************** *** 514,517 **** --- 514,518 ---- #if defined (HAVE_PSELECT) sigemptyset (&empty_set); + sigprocmask (SIG_BLOCK, (sigset_t *)NULL, &empty_set); FD_ZERO (&readfds); FD_SET (fileno (stream), &readfds); *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 2 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 3 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-004 Bug-Reported-by: Kieran Grant Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2018-02/msg00002.html Bug-Description: With certain values for PS1, especially those that wrap onto three or more lines, readline will miscalculate the number of invisible characters, leading to crashes and core dumps. Patch (apply with `patch -p0'): *** ../readline-7.0.3/display.c 2016-07-28 14:49:33.000000000 -0400 --- display.c 2018-02-03 19:19:35.000000000 -0500 *************** *** 772,776 **** wadjust = (newlines == 0) ? prompt_invis_chars_first_line ! : ((newlines == prompt_lines_estimate) ? wrap_offset : prompt_invis_chars_first_line); /* fix from Darin Johnson for prompt string with --- 788,794 ---- wadjust = (newlines == 0) ? prompt_invis_chars_first_line ! : ((newlines == prompt_lines_estimate) ! ? (wrap_offset - prompt_invis_chars_first_line) ! : 0); /* fix from Darin Johnson for prompt string with *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 3 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 4 READLINE PATCH REPORT ===================== Readline-Release: 7.0 Patch-ID: readline70-005 Bug-Reported-by: Nuzhna Pomoshch Bug-Reference-ID: <1317167476.1492079.1495999776464@mail.yahoo.com> Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2017-05/msg00005.html Bug-Description: There are cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to `back up' and attempt to re-read some of the characters in the sequence. Patch (apply with `patch -p0'): *** ../readline-7.0/readline.c 2016-04-20 15:53:52.000000000 -0400 --- readline.c 2018-05-26 17:19:00.000000000 -0400 *************** *** 1058,1062 **** r = _rl_dispatch (ANYOTHERKEY, m); } ! else if (r && map[ANYOTHERKEY].function) { /* We didn't match (r is probably -1), so return something to --- 1056,1060 ---- r = _rl_dispatch (ANYOTHERKEY, m); } ! else if (r < 0 && map[ANYOTHERKEY].function) { /* We didn't match (r is probably -1), so return something to *************** *** 1070,1074 **** return -2; } ! else if (r && got_subseq) { /* OK, back up the chain. */ --- 1068,1072 ---- return -2; } ! else if (r < 0 && got_subseq) /* XXX */ { /* OK, back up the chain. */ *** ../readline-7.0/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 4 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 5