From 0bd7d1236cce150d286710d2e069ac8a10ada307642b8c47789697ec8a1df6c6 Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink"
Date: Wed, 7 Dec 2016 15:32:27 +0000
Subject: [PATCH] Add patch from community

OBS-URL: https://build.opensuse.org/package/show/shells/tcsh?expand=0&rev=65
---
 tcsh-6.20-ptr-update.patch | 42 ++++++++++++++++++++++++++++++++++++++
 tcsh.changes | 6 ++++++
 tcsh.spec | 3 +++
 3 files changed, 51 insertions(+)
 create mode 100644 tcsh-6.20-ptr-update.patch

diff --git a/tcsh-6.20-ptr-update.patch b/tcsh-6.20-ptr-update.patch
new file mode 100644
index 0000000..d18663d
--- /dev/null
+++ b/tcsh-6.20-ptr-update.patch
@@ -0,0 +1,42 @@
+The code in tw_str_add() attempts to be efficient by sliding the
+pointers to reallocated elements within the string list to the new
+virtual address using a computed offset between buffers.
+
+For bounds checked pointers, this produces out of bounds pointers.
+Additionally, the subtraction of pointers to different objects is
+undefined in C so a sufficently "smart" compiler could chose to do
+anything here since in knows the objects are different.
+
+We need this change on our research platform to avoid crashes in tab
+completion.
+
+-- Brooks
+
+commit 85489fafb8fd908ba307df0c774e1706c19cd4b8
+Author: Brooks Davis
+Date: Wed Dec 7 01:04:14 2016 +0000
+
+ Fix a pointer provenance error in list extension.
+
+ When updating pointers to a buffer of linked list elements, derive
+ the new pointers from the new buffer rather than updating the old pointers
+ to the new virtual memory address of the buffer (resulting in out of bounds
+ values).
+
+---
+ tw.init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- tw.init.c
++++ tw.init.c 2016-12-07 15:27:20.024397004 +0000
+@@ -125,9 +125,8 @@ tw_str_add(stringlist_t *sl, size_t len)
+ sl->buff = xrealloc(sl->buff, sl->tbuff * sizeof(Char));
+ /* Re-thread the new pointer list, if changed */
+ if (ptr != NULL && ptr != sl->buff) {
+- intptr_t offs = sl->buff - ptr;
+ for (i = 0; i < sl->nlist; i++)
+- sl->list[i] += offs;
++ sl->list[i] = sl->buff + (sl->list[i] - ptr);
+ }
+ disabled_cleanup(&pintr_disabled);
+ }
diff --git a/tcsh.changes b/tcsh.changes
index ef5ebcf..6201c20 100644
--- a/tcsh.changes
+++ b/tcsh.changes
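Review bot: The replacement line `sl->list[i] = sl->buff + (sl->list[i] - ptr);` in the embedded tw.init.c hunk still reads `ptr` and the old `sl->list[i]` values after `xrealloc()` has returned, so when the buffer has moved those pointers name storage that was already released; their values are indeterminate in ISO C, and both the subtraction and the `ptr != sl->buff` test remain formally undefined. Deriving the result from `sl->buff` does remove the out-of-bounds values the patch header describes, but a fully conforming version would capture each element's offset while the old buffer is still live (before the `xrealloc()` call), or keep offsets rather than pointers in `sl->list`. The assignment of `ptr` and the start of `tw_str_add()` are outside the hunk, so this assumes `ptr` holds the pre-realloc `sl->buff`. If the code stays as is, I would at least add a comment above the loop such as `/* ptr is stale after xrealloc: used for offset arithmetic only, never dereferenced */` so the remaining assumption is visible to the next maintainer.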
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Dec 7 15:29:56 UTC 2016 - werner@suse.de
+
+- Add patch tcsh-6.20-ptr-update.patch from mailing list to correct
+ updating pointers to a reallocated buffer of of linked list elements
+
 -------------------------------------------------------------------
 Thu Dec 1 11:53:40 UTC 2016 - werner@suse.de

diff --git a/tcsh.spec b/tcsh.spec
index 65aa81f..235ae71 100644
--- a/tcsh.spec
+++ b/tcsh.spec
@@ -39,6 +39,8 @@ Patch10: tcsh-6.18.03-history-merge.dif
 Patch11: tcsh-6.19.00-history-file-locking-order.patch
 # PATCH-FIX-COMUNITY fix handling of rmstar
 Patch12: tcsh-6.20-rmstar.patch
+# PATCH-FIX-COMUNITY fix updating pointers to a reallocated buffer of linked list elements
+Patch13: tcsh-6.20-ptr-update.patch
 BuildRequires: autoconf
 BuildRequires: fdupes
 BuildRequires: ncurses-devel
@@ -68,6 +70,7 @@ correction, a history mechanism, job control, and a C-like syntax.
 %patch10 -b .histmerg
 %patch11 -b .histlckord
 %patch12 -p1 -b .rmstar
+%patch13 -p0 -b .ptrbuf
 %patch0 -b .0
 %build