Bug 840598

Summary: el_insertstr() crashes on incomplete multi-byte sequence
Product: [Fedora] Fedora
Reporter: rustyBSD <rustyBSD>
Component: libedit
Assignee: Kamil Dudka <kdudka>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: jeff, kdudka, loganjerry, mattias.ellert, mgrepl, plautrba, tmraz
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libedit-3.0-7.20120601cvs.fc18
Doc Type: Bug Fix
Clones: 841771
Last Closed: 2012-07-20 08:46:45 UTC
Type: Bug

Description rustyBSD 2012-07-16 16:25:09 UTC
Hi,
I was in my banana tree when I noticed a segfault with sftp on Fedora 17.
It segfaults with autocompletion of a local accented folder/(file?).

Steps to Reproduce:
$ mkdir Modèles
$ sftp root@localhost
sftp> put Mo [press TAB]
And it segfaults.
  
Actual results:
SEGFAULT

Expected results:
'put Modèles'

Max

Comment 1 Tomas Mraz 2012-07-16 17:04:50 UTC
This is most probably a problem with libedit.

Comment 2 Kamil Dudka 2012-07-16 18:29:48 UTC
Thanks for the bug report, will look at the issue closer on Wednesday hopefully.

Comment 3 Kamil Dudka 2012-07-18 11:29:11 UTC
This fixes the SIGSEGV in libedit:

diff --git a/src/chared.c b/src/chared.c
index 0a95913..1b6fa68 100644
--- a/src/chared.c
+++ b/src/chared.c
@@ -612,7 +612,7 @@ FUN(el,insertstr)(EditLine *el, const Char *s)
 {
    size_t len;

-   if ((len = Strlen(s)) == 0)
+   if (s == NULL || (len = Strlen(s)) == 0)
        return -1;
    if (el->el_line.lastchar + len >= el->el_line.limit) {
        if (!ch_enlargebufs(el, len))
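
Review bot: the new `s == NULL` test at the top of el_insertstr() returns the same -1 as the empty-string case, so a caller cannot tell a rejected NULL pointer from "nothing to insert", and the hunk carries no comment saying how `s` can be NULL here. Given the bug summary (crash on an incomplete multi-byte sequence), a one-line comment above the check naming that case would help the next reader, and callers need to check the return value rather than assume the text reached the line buffer.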

However, if you want sftp to actually support UTF-8, you need to fix sftp so that complete_match() does not call el_insertstr() with incomplete multibyte sequences.

Comment 4 Kamil Dudka 2012-07-18 12:28:35 UTC
fixed in libedit-3.0-7.20120601cvs.fc18

Comment 6 Kamil Dudka 2012-07-20 08:46:45 UTC
I am not going to backport the fix for stable Fedora. Running the broken sftp on top of fixed libedit leaves the terminal in an inconsistent state, so the SIGSEGV is actually a better response from the user's point of view. This really needs to be fixed in sftp -- I have cloned the bug for openssh: bug #841771
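
Comments 3 and 6 put the real fix on the caller: do not hand el_insertstr() a string that ends in the middle of a multi-byte character. The sketch below is an added example, not code from this bug thread, libedit or openssh; all function names are hypothetical and the two directory names in the test are constructed. It trims a byte-wise common prefix back to the last complete UTF-8 character before it would be passed to a line editor.

```c
#include <stddef.h>

#define UTF8_BAD ((size_t)-1)

/* Sequence length implied by a lead byte; 0 if b cannot start a sequence. */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Longest prefix of buf[0..len) that ends on a character boundary. A final
 * sequence cut short by len is dropped; malformed bytes give UTF8_BAD.
 * Structural check only: overlong forms and surrogates are not rejected. */
size_t utf8_complete_prefix(const char *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        size_t n = utf8_seq_len((unsigned char)buf[i]);
        size_t avail = (i + n <= len) ? n : len - i;
        if (n == 0) return UTF8_BAD;
        for (size_t k = 1; k < avail; k++)
            if (((unsigned char)buf[i + k] & 0xC0) != 0x80)
                return UTF8_BAD;
        if (avail < n)
            return i;            /* incomplete tail: stop before its lead byte */
        i += n;
    }
    return i;
}

/* Byte-wise common prefix of two names, the step that can split a character. */
size_t common_prefix_bytes(const char *a, const char *b)
{
    size_t i = 0;
    while (a[i] != '\0' && a[i] == b[i])
        i++;
    return i;
}

/* Bytes of the shared prefix that are safe to pass to a line editor. */
size_t safe_completion_len(const char *a, const char *b)
{
    size_t ok = utf8_complete_prefix(a, common_prefix_bytes(a, b));
    return ok == UTF8_BAD ? 0 : ok;
}
```

With two names that differ only in the second byte of an accented letter, the byte-wise prefix ends on the lead byte 0xC3; the trimmed length stops one byte earlier, so only "Mod" would be inserted.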