From 5f131a787efcda109e405fe99104626bc912194d Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Tue, 26 Feb 2019 08:27:04 -0800
Subject: linenoise: defensive null pointer check.

* linenoise/linenoise.c (move_cursor_multiline): If the npos argument happens to be equal to the current position (the operation is a null move), then no movement is generated. In that case, no ab_append operation is called, and ab.b will stay null; this null pointer then gets passed to lino_os.puts_fn as the string to output, and that will blow up. This situation hasn't actually been observed.
---
 linenoise/linenoise.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'linenoise')
diff --git a/linenoise/linenoise.c b/linenoise/linenoise.c
index cb4b9f41..50e44e00 100644
--- a/linenoise/linenoise.c
+++ b/linenoise/linenoise.c
@@ -1272,7 +1272,8 @@ static void move_cursor_multiline(lino_t *l, int npos)
 ab_append(&ab, seq, wcslen(seq));
 }
- (void) lino_os.puts_fn(l->tty_ofs, ab.b);
+ if (ab.b)
+ (void) lino_os.puts_fn(l->tty_ofs, ab.b);
 ab_free(&ab);
 l->dpos = npos;
 l->oldrow = nrow;
-- cgit v1.2.3
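Review bot: The new `if (ab.b)` guard carries no comment saying why `ab.b` can be null, so a later cleanup could drop it as dead code; a line such as `/* ab.b stays null when no sequence was appended (null move) */` above it would record the reason given in the commit message. The assignments `l->dpos = npos;` and `l->oldrow = nrow;` still run when nothing is written. That is right for a null move, but if `ab_append` can also leave `ab.b` null after a failed allocation (its body is not visible here), the tracked cursor state would then differ from what the terminal shows, so that case is worth confirming. Any other caller in this file that passes `ab.b` straight to `lino_os.puts_fn` may want the same guard. The body of `move_cursor_multiline` starts and ends outside this hunk.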