https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233343
Jilles Tjoelker <jil...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|New |Open
--- Comment #3 from Jilles Tjoelker <jil...@freebsd.org> ---
I notice a bug in libedit. The function map_bind() in lib/libedit/map.c assumes
that the argv array ends with a NULL string pointer, but the documentation for
el_parse() does not say this is required and the implementation of
ct_decode_argv() does not make it such. As a result, memory out of bounds of
the allocation is accessed.
Since applications calling el_wparse() cannot be assumed to add the NULL
sentinel, functions like map_bind() should be adjusted (there may be more
places making this incorrect assumption).
By the way, I don't think the approach of converting strings into wchar_t
strings (that is, UTF-32, most of the time) should be repeated in new code.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
