https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233343
Jilles Tjoelker <jil...@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open --- Comment #3 from Jilles Tjoelker <jil...@freebsd.org> --- I notice a bug in libedit. The function map_bind() in lib/libedit/map.c assumes that the argv array ends with a NULL string pointer, but the documentation for el_parse() does not say this is required and the implementation of ct_decode_argv() does not make it such. As a result, memory out of bounds of the allocation is accessed. Since applications calling el_wparse() cannot be assumed to add the NULL sentinel, functions like map_bind() should be adjusted (there may be more places making this incorrect assumption). By the way, I don't think the approach of converting strings into wchar_t strings (that is, UTF-32, most of the time) should be repeated in new code. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"