lineedit: fix SEGV in isk, hexedit, ed, closes 11661

fdisk, hexedit and ed calls read_line_edit in libbb/lineedit.c with NULL
as first argument. On line 2373 of lineedit.c of busybox version 1.29.3,
state->hist_file is referenced without checking the state->flag.

This causes segmentation fault on fdisk, hexedit and ed on ARM Cortex-A9.
It somehow works on x86_64.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/libbb/lineedit.c b/libbb/lineedit.c
index 0a888fa703eb812fd1e31889666add591029806f..1d5fef5ee05a9dc4add8e536831a4b6b5e09b50f 100644 (file)
--- a/libbb/lineedit.c
+++ b/libbb/lineedit.c
@@ -2383,13 +2383,14 @@ int FAST_FUNC read_line_input(line_input_t *st, const char *prompt, char *comman
                timeout = st->timeout;
        }
 #if MAX_HISTORY > 0
+       if (state->flags & DO_HISTORY) {
 # if ENABLE_FEATURE_EDITING_SAVEHISTORY
-       if (state->hist_file)
-               if (state->cnt_history == 0)
-                       load_history(state);
+               if (state->hist_file)
+                       if (state->cnt_history == 0)
+                               load_history(state);
 # endif
-       if (state->flags & DO_HISTORY)
                state->cur_history = state->cnt_history;
+       }
 #endif
 
        /* prepare before init handlers */