Bug#710076: Ctrl-U copies byte-truncated UCS-4 to the kill buffer

[Josh Triplett]

Package: grub-pc
Version: 2.00-14
Severity: normal
Tags: upstream patch

Hitting Ctrl-U deletes to the beginning of the line, but hitting Ctrl-Y
afterward yanks a truncated and mangled string.  Looking at the
code (in grub-core/normal/cmdline.c), it looks like the implementation
of Ctrl-U never got converted from 8-bit characters to UCS-4, so it only
copies N bytes rather than N characters.  The attached patch fixes this
problem.

Changelog entry for this patch:

2013-05-27  Josh Triplett  <j...@joshtriplett.org>

        * grub-core/normal/cmdline.c (grub_cmdline_get): Fix Ctrl-u
        handling to copy the killed characters to the kill buffer as
        UCS4 stored as grub_uint32_t rather than as 8-bit characters
        stored as char.  Eliminates UCS4 truncation and corruption
        observed when killing characters with Ctrl-u and yanking them
        back with Ctrl-y.

I've also attached the patch in "bzr send" form for direct application,
including the changelog entry.

- Josh Triplett

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages grub-pc depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  grub-common            2.00-14
ii  grub-pc-bin            2.00-14
ii  grub2-common           2.00-14
ii  ucf                    3.0027

grub-pc recommends no packages.

grub-pc suggests no packages.

-- debconf information excluded

=== modified file 'grub-core/normal/cmdline.c'
--- grub-core/normal/cmdline.c	2013-05-14 06:54:18 +0000
+++ grub-core/normal/cmdline.c	2013-05-28 04:05:19 +0000
@@ -587,7 +587,7 @@
 
 	      grub_free (kill_buf);
 
-	      kill_buf = grub_malloc (n + 1);
+	      kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
 	      if (grub_errno)
 		{
 		  grub_print_error ();
@@ -595,8 +595,8 @@
 		}
 	      if (kill_buf)
 		{
-		  grub_memcpy (kill_buf, buf, n);
-		  kill_buf[n] = '\0';
+		  grub_memcpy (kill_buf, buf, n * sizeof(grub_uint32_t));
+		  kill_buf[n] = 0;
 		}
 
 	      lpos = 0;


# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: j...@joshtriplett.org-20130528041348-we4ky0tgt3ric14q
# target_branch: http://bzr.savannah.gnu.org/r/grub/trunk/grub/
# testament_sha1: 8b36d29a91d74b33de6f13982863a716d0f734bb
# timestamp: 2013-05-27 21:19:56 -0700
# source_branch: .
# base_revision_id: phco...@gmail.com-20130515152649-2qzhi2m3wxlvi9z2
# 
# Begin patch
=== modified file 'ChangeLog'
--- ChangeLog	2013-05-15 15:26:49 +0000
+++ ChangeLog	2013-05-28 04:13:48 +0000
@@ -1,3 +1,12 @@
+2013-05-27  Josh Triplett  <j...@joshtriplett.org>
+
+	* grub-core/normal/cmdline.c (grub_cmdline_get): Fix Ctrl-u
+	handling to copy the killed characters to the kill buffer as
+	UCS4 stored as grub_uint32_t rather than as 8-bit characters
+	stored as char.  Eliminates UCS4 truncation and corruption
+	observed when killing characters with Ctrl-u and yanking them
+	back with Ctrl-y.
+
 2013-05-15  Radosław Szymczyszyn  <lav...@gmail.com>
 
 	* grub-core/partmap/dfly.c: New partition map.

=== modified file 'grub-core/normal/cmdline.c'
--- grub-core/normal/cmdline.c	2013-05-14 06:54:18 +0000
+++ grub-core/normal/cmdline.c	2013-05-28 04:13:48 +0000
@@ -587,7 +587,7 @@
 
 	      grub_free (kill_buf);
 
-	      kill_buf = grub_malloc (n + 1);
+	      kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
 	      if (grub_errno)
 		{
 		  grub_print_error ();
@@ -595,8 +595,8 @@
 		}
 	      if (kill_buf)
 		{
-		  grub_memcpy (kill_buf, buf, n);
-		  kill_buf[n] = '\0';
+		  grub_memcpy (kill_buf, buf, n * sizeof(grub_uint32_t));
+		  kill_buf[n] = 0;
 		}
 
 	      lpos = 0;

# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWSNx0PcAAmHfgBAwUH///1sU
ngq////wUAVs8VdhGXdpToqutASUminqb1TahtNqm1NqeptRmk9TBAMJmoAEohJtAZJpP0oPUNBo
A0AABoBIkEKntCnkxDUafpGU/VNABkGmh6hoOaYmAjTAjCMAAAATCMAqkU9BNGiehGCaT1PQ0TUz
U9JiAPU0PUa1NGYGCOee8202nye40xTURtLgze62lkmJQqk6GuBX3krsKTcojo1rXxuKyO1ZfDXm
e0pkabTlw7wvndhollrpkDq4nSOcrGjs7vA/ATNw4tPGYH8IO8Mf2ValHq5JvV9+Hk39FyyxikvX
8GeTMlFztTKMy9nL1a9NnTb+7u7LeNP34c39thOSGyOxJ8eWXYd7mrix+OuPdg0PjCQ5+mssZ2mP
f0ZYd1d5ZBJBgS5d6KItEaTmkPJdUMtUm2zY9ooYl1wuKS8a3pohHLirhuaYXKikZcSzqkrq0QwF
mdib4deckrEazPt1I0+zXStlCufQRslCGhagM3asawll1W64GQCaa6nG4qWS1ltKO0NNaiTtqiSF
HUxCMS+m3RohVrWVkuvdLoz1DEuht0X5IVFPYxtJlK4gri2/O9xdpiuwZrYTMjB1VZGNcN3Iy5PU
ywyi6/VTNOeigxmzs4QrYRkbJsiQoKIkZc0SmYhWulvkzZb5JQkntyrKSWSuXUyBVhJVi0e2yqMA
tJRaYcqDnkFgouQvJr4IYl8C4oyFTI1A8rJ6zeQneVKRAY1A1qyBRa6zILF8Js7bidCm61RWJaGa
gnQa9qE0Hox0JzLOjX2Kg792aOgNOJKzIr8sZMw6Zq3TVYCxETdVai2juKblpWHKeJ7IcPeM8/J8
zejERktbGx93ELMoqcaSQ1v1p1fANfPpFOLLVnTjLCSkzGINOzK4MQcFArhWR09JAV0ZqjS46hPy
1DpYkaQO5jx98inCBHgSzGeIoLVqxPpeUvH7RqxYvwnQaOxvbnm1/R2sJKOb2HIiKkDYAjgS3cDS
b+Zw5/NniBSjnDlW4xRnhptaUm+5HFGVKJJtXHd8sMJ+a072NjLKWQrYlW6HXtjNEWraubUUhNyb
tD5aHCij2GZ4PEgTOTkZTYWDEMyQgDjR/ERhLC+9X19tuyuzFgpA0yWxniRqalHPppOHXiRvmm33
MjXEMkKoU7utJveLbXC/wV9Lwdu90wwit6uDtcJLU0YRpg7cTREGJ1cUWWn0GDNQHUhh5eDENig9
Z8JicYUMcnik5FqGlHfR3HeakNXw6YSr4xrh1o+0FHNs5qQxRGeSaTsN3Z1V4zVDCIaIc2sv+6sv
zebziS/NLihwjXCWp99U4bYbn4e74D2wcOcXoRB0hsRSAamJlqR2HSlIZZQwaUbqWnhCf9GJ8IeR
hDPGmUVa4jIpuvON1VIm17K8SpjQH+dShoKohDGlNpQvIzDAuoDQ2DWOI8nVohpse1FEWweVbEth
JI+qHKMkfWFTjXHtjBE2GyehgwMkKiaiqVI5KIWEnEVpPR7IgejtG1wkkkJIsh8cE0bqRF/fVFSF
nzHd+24KicuSSVUnikUM5MmryQyQwgJ808ucsSOElkYkNcJs7GePRcth2q0682NjLHvqQkdArm3n
RKrcipkN1sNwylBVGGrO6VFRfBmj0Q+aJ0WzMIhk6ikQ6taOk7aMsjHGkuhjGRGwyvQpVDDHJ9IT
olyGN+ZPVdD6l2j/xdyRThQkCNx0PcA=