[{"id":3674422,"web_url":"http://patchwork.ozlabs.org/comment/3674422/","msgid":"","list_archive_url":null,"date":"2026-04-07T11:04:29","subject":"Re: [PATCH v2] util/readline: Fix out-of-bounds access in\n readline_insert_char().","submitter":{"id":6442,"url":"http://patchwork.ozlabs.org/api/people/6442/","name":"Marc-André Lureau","email":"marcandre.lureau@gmail.com"},"content":"Hi\n\nOn Mon, Apr 6, 2026 at 9:05 AM wrote:\n>\n> From: Nguyen Dinh Phi \n>\n> Currently, the readline_insert_char() function is guarded by the cursor\n> position (cmd_buf_index) rather than the actual buffer fill level(cmd_buf_size).\n> The current check is:\n> if (rs->cmd_buf_index < READLINE_CMD_BUF_SIZE)\n>\n> This logic is flawed because if the command buffer is full and a user moves the\n> cursor backward (e.g. by sending left arrow key), cmd_buf_index can be\n> decreased without descreasing of buffer size.\n> This allow subsequent insertions to increase cmd_buf_size past its maximum\n> limit of rs->cmd_buf.\n>\n> Because in the ReadLineState struct, cmd_buf[READLINE_CMD_BUF_SIZE + 1] is\n> immediately followed by the cmd_buf_index integer, once the buffer size is\n> sufficiently inflated, the memmove() operation inside readline_insert_char()\n> can write past the end of cmd_buf[] and overwrites cmd_buf_index itself.\n>\n> The subsequent line:\n> rs->cmd_buf[rs->cmd_buf_index] = ch;\n>\n> then writes the input character to an address determined by the now-corrupted\n> index.\n>\n> By providing a specifically crafted input sequence via HMP, this flaw can be\n> used to redirect the write operation to overwrite any field within the\n> ReadLineState structure, which can lead to unpredictable behavior or\n> application crashes.\n>\n> Fix this by adding the guard to check for buffer fullness.\n>\n> Signed-off-by: Nguyen Dinh Phi \n\nReviewed-by: Marc-André Lureau \n\n> ---\n> util/readline.c | 4 +++-\n> 1 file changed, 3 insertions(+), 1 deletion(-)\n> ---\n> V2:\n> use assert() to check the value of cmd_buf_index before the\n> insertion.\n>\n> diff --git a/util/readline.c b/util/readline.c\n> index 0f19674f52..e2664e48ca 100644\n> --- a/util/readline.c\n> +++ b/util/readline.c\n> @@ -84,7 +84,9 @@ static void readline_update(ReadLineState *rs)\n>\n> static void readline_insert_char(ReadLineState *rs, int ch)\n> {\n> - if (rs->cmd_buf_index < READLINE_CMD_BUF_SIZE) {\n> + assert(rs->cmd_buf_index <= rs->cmd_buf_size);\n> +\n> + if (rs->cmd_buf_size < READLINE_CMD_BUF_SIZE) {\n> memmove(rs->cmd_buf + rs->cmd_buf_index + 1,\n> rs->cmd_buf + rs->cmd_buf_index,\n> rs->cmd_buf_size - rs->cmd_buf_index);\n> --\n> 2.43.0\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=gyXGxI7l;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fqxJ00FsTz1yGM\n\tfor ; Wed, 08 Apr 2026 05:35:44 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wABVh-0007JP-KC; Tue, 07 Apr 2026 14:50:49 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wABTj-0003Pl-NP\n for qemu-devel@nongnu.org; Tue, 07 Apr 2026 14:48:47 -0400","from mail-dy1-x1333.google.com ([2607:f8b0:4864:20::1333])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from )\n id 1wA4Ed-0000G0-Ap\n for qemu-devel@nongnu.org; Tue, 07 Apr 2026 07:04:44 -0400","by mail-dy1-x1333.google.com with SMTP id\n 5a478bee46e88-2cd339aeab4so3594324eec.0\n for ; Tue, 07 Apr 2026 04:04:42 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; t=1775559881; cv=none;\n d=google.com; s=arc-20240605;\n b=agyR4bAt3bBUEMs5cqX3F1R3uk49gTwZub+d5EIY9gaaFzjZtqj9iFyNvAuLsO7LKo\n 53ITqglhYoOoIUNHzLdm+ZjjOcHh+jM29KlcRrxSgz/m1rGxKpDXqZso/MRD9fG476Hy\n MbvvOVBIElgwb2HnVPiAmdwsfwzYT/P4V6Qyp9miuuA76x1qPzQCIanfOO4VXMOij4Ya\n +bxoIk54QdQdSG8TNtfxfBsa8/zoPP/EgVVOpFKkat/HJWt5YeTFSLQBrdJmO8F9CXZn\n YWwHsFl+8mucIFCqUTtB0LjJEAHqbzsc4oovSI1Iubc6X13SWSbfcuFCxWwTkloNhMft\n LEpg==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=o0JvVJzms3rwdEfr3B7aHFbyg1oD+Eh9757f9pxNpp8=;\n fh=d56RIs5MME7L2k1f4uJ9zAAS8qff8nLQEYFQrPIN9/Q=;\n b=OUoQuOPj0bndutg7UbjDMuDGCi9WmfOrvD0707lD6uFLfhNPQNemlP1rAcWhq8rn7E\n D5NhFbpGPZULWyk8FPCMSoC88x1Jtr2pQkNSkRZK+4oKN9MSgs4Z0EGQX6JaX8E6tGOM\n IAlgwH6RBthzrATdqZNvB1CdiLoiGZETPBe8nixFWHUbXysnYoce2A4Sp37d/qtKU0F6\n uQTVmiao9NZQ9I/vDFtHVXFh84K+DrnJegrup+lYpU8ArmMDpeSWJeP0Dlx/YBFCMnvD\n swzqjZ5eTERNDTf+NlsKCvD+X1+yIJ19VwxfJKvff/m9AFWRTtrxCME9akFyD70+N/fJ\n oZoA==; darn=nongnu.org","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775559881; x=1776164681; darn=nongnu.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=o0JvVJzms3rwdEfr3B7aHFbyg1oD+Eh9757f9pxNpp8=;\n b=gyXGxI7lEoWzaUl395COpchtzmH5IMZ4w5zIIh4W+KxlDTxC3IJ4tl3nPmz3owNYmm\n bzIj01GjehNf33afGPMipiU1vYeTu/LlstvFGSDJE3T5UFLja8Liz58hqpr0l57d9Iax\n 56Im1+Gq41h4fQ8GVYmz8Yt31fOfOrcT3jlKvjhzkcKipo2/9brsKs9hRlLs065KhUB5\n lNeoKWuVKpG0RoLuGayDZz86rCQTIOXzx+C+UgzP/goxbnGyxQ3bQ6yZpLf4WdKDjvkT\n Fge96w3LvnHriqWCQyG14U5eesbyAeVu0SMciYQaOEedabPIxn/rwqIxOehcr8TAv0yV\n jtyA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775559881; x=1776164681;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=o0JvVJzms3rwdEfr3B7aHFbyg1oD+Eh9757f9pxNpp8=;\n b=CcsH/gVgNqlTW0fcJyGXptSBlTBo5Ac7JahoTYfJN5FDa3m+GSJFb9vWtw4KfRDZZg\n 4HrebTJ1LQuWR3FCLZrdBgO20Q4wYvJBpsE76GeMqb2WmQIjSoRkKjXG9OGvlK7S5NUl\n Fz+y4TDZUxl7pSDxvFF2tg3jGyLjX3OHF6g2e74cpMAGEg674D0Gl9VdyhKfaYXN8KH1\n vcLKfYq/tMISpadyfuRFYlurgP7BK5el76YYrmhfLpZPTu5jTh65bqtxqNLV0w3uVR9U\n xcUoVIDnkyv/AxSEYL7X16tAIICQCEGGJC9a/sHlAzNoEVV/LqFiVeLyQK+EREtyPSvI\n ODNw==","X-Gm-Message-State":"AOJu0YzxIPRRPVRSaV9bM3+7bNjFiMyXRespvhXUwzObfMHh0g//FMPy\n +0q3ZgLGuYiuTu6+39Ib34C1WLFFFhbKHvuwy6bjb/HHSj8Fh29R6+Pshg1T4mLWgkIG1cbqC4L\n S8b36JtjUKAVK7oa9kHITYCfnweZZYJA=","X-Gm-Gg":"AeBDieucozhoYHAAsM18jYVKqGS3/e1a3kVv8jQln2OLPJuC1tLrmiWFU2rbUo3XEuI\n 6uh4oD33ACYn8K42T+PVLZJLvKLn+RhEYXyJmtIBM1HV3Xv27jrhpFQTVzidgdsx5AUZZi11z36\n Wmykgi+hVMBAVj3yj2v2cQKn4w7jIzB4Im0GlCVpakAKCRBJxvEt7yU634/k+OjzJQ7kkvhrho7\n TEOJXLAVdOdGnHi0GY0VckrsY52i2CXQpBIsVumk+eSuHvZenx0Xd7AQGvcEOv28N3cjyFB6bnX\n VsX9hqdTbT+sQq+VDo+q1Rl5zX8ORbYfIQan6xTf7pGInJWYoA==","X-Received":"by 2002:a05:7300:dc88:b0:2c5:b23e:48a4 with SMTP id\n 5a478bee46e88-2cbf69984ebmr7808018eec.0.1775559881132; Tue, 07 Apr 2026\n 04:04:41 -0700 (PDT)","MIME-Version":"1.0","References":"<20260406050454.284873-2-phind.uet@gmail.com>","In-Reply-To":"<20260406050454.284873-2-phind.uet@gmail.com>","From":"=?utf-8?q?Marc-Andr=C3=A9_Lureau?= ","Date":"Tue, 7 Apr 2026 15:04:29 +0400","X-Gm-Features":"AQROBzDRBD2epdYPy98FV4rYVhYGs0O02M2WrR4a69p03IZMD_A-wC9OeMYokxQ","Message-ID":"\n ","Subject":"Re: [PATCH v2] util/readline: Fix out-of-bounds access in\n readline_insert_char().","To":"phind.uet@gmail.com","Cc":"qemu-devel@nongnu.org, \"Dr. David Alan Gilbert\" ","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","Received-SPF":"pass client-ip=2607:f8b0:4864:20::1333;\n envelope-from=marcandre.lureau@gmail.com; helo=mail-dy1-x1333.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}},{"id":3674954,"web_url":"http://patchwork.ozlabs.org/comment/3674954/","msgid":"","list_archive_url":null,"date":"2026-04-08T18:16:24","subject":"Re: [PATCH v2] util/readline: Fix out-of-bounds access in\n readline_insert_char().","submitter":{"id":5111,"url":"http://patchwork.ozlabs.org/api/people/5111/","name":"Peter Maydell","email":"peter.maydell@linaro.org"},"content":"On Tue, 7 Apr 2026 at 20:35, Marc-André Lureau\n wrote:\n>\n> Hi\n>\n> On Mon, Apr 6, 2026 at 9:05 AM wrote:\n> >\n> > From: Nguyen Dinh Phi \n> >\n> > Currently, the readline_insert_char() function is guarded by the cursor\n> > position (cmd_buf_index) rather than the actual buffer fill level(cmd_buf_size).\n> > The current check is:\n> > if (rs->cmd_buf_index < READLINE_CMD_BUF_SIZE)\n> >\n> > This logic is flawed because if the command buffer is full and a user moves the\n> > cursor backward (e.g. by sending left arrow key), cmd_buf_index can be\n> > decreased without descreasing of buffer size.\n> > This allow subsequent insertions to increase cmd_buf_size past its maximum\n> > limit of rs->cmd_buf.\n> >\n> > Because in the ReadLineState struct, cmd_buf[READLINE_CMD_BUF_SIZE + 1] is\n> > immediately followed by the cmd_buf_index integer, once the buffer size is\n> > sufficiently inflated, the memmove() operation inside readline_insert_char()\n> > can write past the end of cmd_buf[] and overwrites cmd_buf_index itself.\n> >\n> > The subsequent line:\n> > rs->cmd_buf[rs->cmd_buf_index] = ch;\n> >\n> > then writes the input character to an address determined by the now-corrupted\n> > index.\n> >\n> > By providing a specifically crafted input sequence via HMP, this flaw can be\n> > used to redirect the write operation to overwrite any field within the\n> > ReadLineState structure, which can lead to unpredictable behavior or\n> > application crashes.\n> >\n> > Fix this by adding the guard to check for buffer fullness.\n> >\n> > Signed-off-by: Nguyen Dinh Phi \n>\n> Reviewed-by: Marc-André Lureau \n\nThanks; this seemed worth getting into the next rc so I have applied\nit directly to git.\n\n-- PMM","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=YTC2S/qL;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frYJM086tz1yD3\n\tfor ; Thu, 09 Apr 2026 05:38:11 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wAYcG-0005k9-Ka; Wed, 08 Apr 2026 15:31:08 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wAYAE-00011E-M1\n for qemu-devel@nongnu.org; Wed, 08 Apr 2026 15:02:10 -0400","from mail-yx1-xb130.google.com ([2607:f8b0:4864:20::b130])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from )\n id 1wAXS9-0001EN-4U\n for qemu-devel@nongnu.org; Wed, 08 Apr 2026 14:16:38 -0400","by mail-yx1-xb130.google.com with SMTP id\n 956f58d0204a3-64eb84d1e37so37799d50.2\n for ; Wed, 08 Apr 2026 11:16:36 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; t=1775672196; cv=none;\n d=google.com; s=arc-20240605;\n b=F4JwIfIFEMlve0oYqXNo7jf9sMrHefZkD2t9xbAmCLD4v/X/4hzWBhvbVPO+9vmgyV\n YlEPujlaHjGcQNCIHR4+KrJziGXXIcqAW4efuGtmTvPJsgxFTpXCJbs+iJ5+yfIXzn+G\n rATl5r8qCotiZdu0HllTWtjBA3VXcdqmcXK9E4iV8vSNkYfIuX9PfGkswFCxr0YGzZpq\n RtjIU8m3ZvKOPh72svZNOGc+EtVwbSiu2q9knx7dt0ySX+a8A6v+sT8iu7Kx41Di96zr\n L/+3P+XlV97SxiqlPfPF5TYFhd8FAhIF6tZKQCHNYYlhZpUBLt6grEWzJN5ugENgC0j9\n bFAQ==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=6kTbeGa/clPqmvVjSOI31yqD62ciz+XvmD/PJQjLDnY=;\n fh=D0886OQT3U9WEUIwxipNu7a8Ru+zpuuSncWDB1+vPmY=;\n b=BSZZZ+LaYveNwhHNuJKEGioqUb4TJCjFoQ0vgdvG+oiKw6miW+xl/rk7jZ3AXNYUcf\n Wth81PPdyaozSLoDZu7KXEXSkmZ+3IpvYQbN9vqNcpjeuloYLSd9ucWdyNp0UYMSniVk\n cesbZ1E1J6f4j6VzWPQ3PSGLatTCIi626Sg7lRUtTwNoeC+HX9A6tw4KwThW/2K46YcX\n AIVByDzfI3+xJh87Gvencrgg9exmoX/oep0k+7/KhuIoIZuyEy7gCo2Kh8kkvDReo3xD\n NkYvxX2fIxCzkojJdmdLlO6MY5CesMsOQ+fmQj1vRyFkxr7MaKMPi1XvXOrgUPTA+npX\n 4JtQ==; darn=nongnu.org","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=linaro.org; s=google; t=1775672196; x=1776276996; darn=nongnu.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=6kTbeGa/clPqmvVjSOI31yqD62ciz+XvmD/PJQjLDnY=;\n b=YTC2S/qLjFpP8JdNHZgQb+OQHACz6Z+7MDwULx3LMsWIdzv48KYUz13IbndQYR1tnh\n CbGU8wz3gCE5FQ2une84vJPCk7WGHESi25jGm7YBKuQE7zAupiSgZ057n7YZvbktyB12\n 9C9i2Z+aGgJ14ACJS454MjVz291Hk9Ntnvqqy7YczqBoHxq2aGa24bp/Kwxoalnu03+E\n AWVofPgJdFRyQk2MstUDRFVSuh5CWZEiHrIZtA4hSvASjv4IqmUlRapuktih2k65EV/u\n UIIWML3Ahjk5BL7CJIgRar6yJhIlwrEOfxksOpJZz+kTVfqn3Ud3VtYpBmW0fkCYfTMX\n eCyQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775672196; x=1776276996;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=6kTbeGa/clPqmvVjSOI31yqD62ciz+XvmD/PJQjLDnY=;\n b=Ro/Y5Wh1F+/6Rdat2lA9zIAQBYPU9c7rvc6zXJ22PHhLH5YEacOfTR5UVOpNbm7XwL\n dNVIb95lkrEAuZpnbNQpnRpt3JgBTnJbbpolYZfr1B9E+AUKmIJCuCFTNOay9Q4GgxWs\n FwQsytLUUObr6kz9dWFcsspxNWnZ6SzRdRcRNObyebLVIvUn8TWaqhgnVNTENwmpJP96\n EbAM7UKiSk0NQN8Yjkcsz916l+FeDs32AJ5Fsd1CdArTJwMErflhcBuYwSE926l+fsHb\n cg2uhz17dN9dLA8GClBXMkTWmAPGBWzO3APBaWlCmzR1YO2FDqmF28LrymSxUfxhNGk7\n 3vYw==","X-Forwarded-Encrypted":"i=1;\n AJvYcCU6SdufmPotsGjm7WNREavUvqjT65+OBDggyr3jNlnQrao4x0BpzcV+4hl6WShSoRqiSmKpx9Rtq1He@nongnu.org","X-Gm-Message-State":"AOJu0YxMW5RRld3fLEYQxHihMlFrBouzUKZS4OjzgnNPSBhIjM+Mgpoq\n pN1dPngQHdqTWPmALCks7ji1o27b//I9jx8KS8k4/W1U3/+hEbiqy1hZ89qiJQ4I5v3C1dD+OUz\n X/yJ890uhd1My+Iu0fRH+GAk3bKHZJoHwgBdlw3meiw==","X-Gm-Gg":"AeBDietOS6/VcFMfhbuBVHMCl2v08pPPaNesXvNSMT30GnRtz7oCxAXpa2BBlwfaFRs\n mJ9h7GC/t9xkhvibwUhrrp4AXf/0njPnDl+/+m5EOf3rz3+wc5rU03ptKngxrLYAo0Sk0V4yRX5\n o4RpD/gghTWE/vCudtQAjwgj9/UicaKMEpRWzJFFCmTeIQi3QMprFze5wAodStxjmzSaetr3T7d\n 2vFdt4Y71Ii+gcEfuS3jPCezMGd+1GF8JiT903zLeqMvEw0bdB0NoTFhCjoLhugNwN/Pk2een7c\n FcqCcG+L03kQUySXa0Z7hLD3bsluoBH3if12BRCjE4yB8MSzCLL7eipRHBezdI5/VItI4wfVsai\n jBw==","X-Received":"by 2002:a05:690e:1588:10b0:650:14cd:6706 with SMTP id\n 956f58d0204a3-650486b4c9cmr16063687d50.3.1775672195636; Wed, 08 Apr 2026\n 11:16:35 -0700 (PDT)","MIME-Version":"1.0","References":"<20260406050454.284873-2-phind.uet@gmail.com>\n ","In-Reply-To":"\n ","From":"Peter Maydell ","Date":"Wed, 8 Apr 2026 19:16:24 +0100","X-Gm-Features":"AQROBzBP9Yj0DykTubh7exc5mziYw4DKKASafAHs7zyF7FspL7j0-JpdrRAqgRk","Message-ID":"\n ","Subject":"Re: [PATCH v2] util/readline: Fix out-of-bounds access in\n readline_insert_char().","To":"=?utf-8?q?Marc-Andr=C3=A9_Lureau?= ","Cc":"phind.uet@gmail.com, qemu-devel@nongnu.org,\n \"Dr. David Alan Gilbert\" ","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","Received-SPF":"pass client-ip=2607:f8b0:4864:20::b130;\n envelope-from=peter.maydell@linaro.org; helo=mail-yx1-xb130.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}}]