Uninitialized read in favorites_add() #471

Open
juppytt opened this issue Dec 5, 2022 · 1 comment

juppytt commented Dec 5, 2022

  1. Launch hstr with favorites view `./src/hstr -f`. Both history and favorites files (~/.zsh_history and ~/.hstr_favorites) are empty.
  2. Search a string (e.g., `AAA`)
  3. Switch to the ranking view (Ctrl-Slash)
  4. Reach the prompt bottom (Ctrl-J) and add it to the favorites (Ctrl-F)
  5. Crashes with invalid read. hstr->selection is allocated but not initialized.

hstr/src/hstr.c

Lines 1210 to 1217 in be59f8c

```c
char* getResultFromSelection(int selectionCursorPosition, Hstr* hstr, char* result) {
    if (hstr->promptBottom) {
        result=hstr->selection[hstr->promptItems-selectionCursorPosition-1];
    } else {
        result=hstr->selection[selectionCursorPosition];
    }
    return result;
}
```

hstr/src/hstr.c

Lines 1395 to 1402 in be59f8c

```c
case K_CTRL_F:
    if(selectionCursorPosition!=SELECTION_CURSOR_IN_PROMPT) {
        result=getResultFromSelection(selectionCursorPosition, hstr, result);
        if(hstr->view==HSTR_VIEW_FAVORITES) {
            favorites_choose(hstr->favorites, result);
        } else {
            favorites_add(hstr->favorites, result);
        }
```

```
Stopped reason: SIGSEGV
0x00007ffff7ce8717 in ?? () from /usr/lib/x86_64-linux-gnu/libc.so.6
gdb-peda$ bt
#0  0x00007ffff7ce8717 in ?? () from /usr/lib/x86_64-linux-gnu/libc.so.6
#1  0x00005555555cb10d in __interceptor_strlen (
    s=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>)
    at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:459
#2  0x000055555566f30d in hstr_strdup (
    s=0xbebebebebebebea0 <error: Cannot access memory at address 0xbebebebebebebea0>, 
    s@entry=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>)
    at hstr_utils.c:34
#3  0x000055555567156f in favorites_add (favorites=0x603000000070, 
    newFavorite=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>)
    at hstr_favorites.c:149
#4  0x000055555567be90 in loop_to_select () at hstr.c:1401
#5  0x000055555567d6fa in hstr_interactive () at hstr.c:1660
#6  0x000055555567dcce in hstr_main (argc=0x2, argv=0x7fffffffe058) at hstr.c:1744
#7  0x00007ffff7b84083 in __libc_start_main () from /usr/lib/x86_64-linux-gnu/libc.so.6
#8  0x000055555557559e in _start ()
gdb-peda$ 
```
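
An added example, not hstr's code and not part of the issue as posted: a reduced model of the lookup quoted above that zero-initializes the selection slots and refuses to hand back a slot that was never filled. The `Model` struct, its `selectionSize` field and all function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, reduced model of the state involved; not hstr's real struct. */
typedef struct {
    const char **selection;  /* one slot per prompt row */
    unsigned selectionSize;  /* assumed field: slots 0..selectionSize-1 are filled */
    unsigned promptItems;    /* number of slots allocated */
    int promptBottom;        /* non-zero when the prompt is at the bottom */
} Model;

/* calloc leaves unfilled slots NULL instead of holding leftover heap bytes
 * (the 0xbe... pointers in the backtrace are the allocator's fill pattern). */
Model *model_new(unsigned promptItems, int promptBottom) {
    Model *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->selection = calloc(promptItems, sizeof *m->selection);
    if (!m->selection) { free(m); return NULL; }
    m->promptItems = promptItems;
    m->promptBottom = promptBottom;
    return m;
}

/* Same index mapping as the quoted getResultFromSelection(), but the cursor
 * and the mapped index are validated before the slot is read. */
const char *result_from_selection(const Model *m, int cursor) {
    if (!m || cursor < 0 || (unsigned)cursor >= m->promptItems) return NULL;
    unsigned idx = m->promptBottom ? m->promptItems - (unsigned)cursor - 1
                                   : (unsigned)cursor;
    if (idx >= m->selectionSize) return NULL;  /* row has no match behind it */
    return m->selection[idx];
}

/* Caller-side guard for the add-to-favorites path: copy only a real string.
 * Returns a heap copy the caller frees, or NULL when there is nothing to add. */
char *favorite_candidate(const Model *m, int cursor) {
    const char *r = result_from_selection(m, cursor);
    if (!r) return NULL;
    size_t n = strlen(r) + 1;
    char *copy = malloc(n);
    if (copy) memcpy(copy, r, n);
    return copy;
}
```

With no matches, `favorite_candidate()` returns NULL and the caller can skip the add instead of passing an unset pointer on to a string function.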

@dvorka dvorka self-assigned this Dec 7, 2022

dvorka commented Dec 7, 2022

Thank you @juppytt!
