Bug 840598 - el_insertstr() crashes on incomplete multi-byte sequence
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libedit
Version: 17
Assigned To: Kamil Dudka
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-07-16 12:25 EDT by rustyBSD
Modified: 2012-07-20 04:46 EDT
Fixed In Version: libedit-3.0-7.20120601cvs.fc18
Doc Type: Bug Fix
Clones: 841771
Last Closed: 2012-07-20 04:46:45 EDT
Type: Bug
Description rustyBSD 2012-07-16 12:25:09 EDT
Hi,
I was in my banana tree when I noticed a segfault with sftp on Fedora 17.
It segfaults with autocompletion of a local accented folder/(file?).

Steps to Reproduce:
$ mkdir Modèles
$ sftp root@localhost
sftp> put Mo [press TAB]
And it segfaults.
  
Actual results:
SEGFAULT

Expected results:
'put Modèles'

Max
Comment 1 Tomas Mraz 2012-07-16 13:04:50 EDT
This is most probably a problem with libedit.
Comment 2 Kamil Dudka 2012-07-16 14:29:48 EDT
Thanks for the bug report, will look at the issue closer on Wednesday hopefully.
Comment 3 Kamil Dudka 2012-07-18 07:29:11 EDT
This fixes the SIGSEGV in libedit:

diff --git a/src/chared.c b/src/chared.c
index 0a95913..1b6fa68 100644
--- a/src/chared.c
+++ b/src/chared.c
@@ -612,7 +612,7 @@ FUN(el,insertstr)(EditLine *el, const Char *s)
 {
    size_t len;

-   if ((len = Strlen(s)) == 0)
+   if (s == NULL || (len = Strlen(s)) == 0)
        return -1;
    if (el->el_line.lastchar + len >= el->el_line.limit) {
        if (!ch_enlargebufs(el, len))
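
Review bot: In the changed condition, s == NULL now returns the same -1 as the empty string, so a caller cannot tell "nothing to insert" from "no valid string was passed", and nothing in the hunk says when s can be NULL. Suggest a one-line comment above the check stating which callers can pass NULL, and confirm those callers test the -1 return rather than assuming the text was inserted. The short-circuit order is right: Strlen(s) is only evaluated once s is known to be non-NULL, and len is not read on the early return.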

However, if you want sftp to actually support UTF-8, you need to fix sftp so that complete_match() does not call el_insertstr() with incomplete multibyte sequences.
Comment 4 Kamil Dudka 2012-07-18 08:28:35 EDT
fixed in libedit-3.0-7.20120601cvs.fc18
Comment 6 Kamil Dudka 2012-07-20 04:46:45 EDT
I am not going to backport the fix for stable Fedora. Running the broken sftp on top of fixed libedit leaves the terminal in an inconsistent state, so the SIGSEGV is actually a better response from the user's point of view. This really needs to be fixed in sftp -- I have cloned the bug for openssh: bug #841771
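
Added example (not code from libedit, openssh or this bug report): one way a completion routine can avoid handing an incomplete multibyte sequence to el_insertstr(), by trimming a byte-wise common prefix back to a character boundary. It assumes the file names are UTF-8; the function names are hypothetical and the sample names are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Total length of a UTF-8 sequence given its lead byte, or 0 if the byte
 * cannot start a sequence (continuation byte or invalid lead). */
static size_t utf8_seq_len(unsigned char c)
{
    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF) return 2;
    if (c >= 0xE0 && c <= 0xEF) return 3;
    if (c >= 0xF0 && c <= 0xF4) return 4;
    return 0;
}

/* Length of the longest prefix of s[0..n) that does not end inside a
 * multibyte character. Stops at the first malformed byte. */
size_t utf8_complete_prefix_len(const char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        size_t need = utf8_seq_len((unsigned char)s[i]);
        if (need == 0 || need > n - i)
            break;              /* invalid lead or truncated sequence */
        for (size_t k = 1; k < need; k++)
            if (((unsigned char)s[i + k] & 0xC0) != 0x80)
                return i;       /* bad continuation byte */
        i += need;
    }
    return i;
}

/* Byte-wise common prefix of two candidates, trimmed to a character boundary. */
size_t safe_common_prefix_len(const char *a, const char *b)
{
    size_t n = 0;
    while (a[n] != '\0' && a[n] == b[n])
        n++;
    return utf8_complete_prefix_len(a, n);
}

int main(void)
{
    /* Constructed names: "Modèles" and "Modéles" share the lead byte 0xC3. */
    printf("%zu\n", safe_common_prefix_len("Mod\xC3\xA8les", "Mod\xC3\xA9les"));
    return 0;
}
```

The two constructed names agree on four bytes, but the fourth is only the first half of a two-byte character, so only the first three bytes are safe to insert.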
