Fix overflow if history size is integer multiple of entries by f-adler · Pull Request #13 · dimmykar/microrl-remaster

f-adler · 2025-11-21T11:33:37Z

Thanks for the great library! I'm really happy with it. However, I came across an edge case which led to a crash in my system.

The issue can be reproduced with the following use case:

Default history size: MICRORL_CFG_RING_HISTORY_LEN 64
Commands send to history: Display.Backlight(0), Display.Backlight(1), Display.Backlight(2), Display.Backlight(3).
Sending the up-key to select the last history entry subsequently crashed my program

Analysis:

Contents of the commands don't matter, the error is seemingly triggered by the length of the commands leading to the trailing \0 being the last byte of the buffer.

There is an out-of-bounds situation on this variable

++idx;                                      /* Move position from `\0` marker */

(see diff)

Crash happened here:

size_t part0 = MICRORL_ARRAYSIZE(rbuf_ptr->ring_buf) - idx;
memcpy(line_str, rbuf_ptr->ring_buf + idx, part0);

with a negative part0 leading to memory overwrites.

The proposed code changes fix the error but additional consequences are not entirely clear. Feedback always welcome.

Cheers!
Felix

f-adler added 2 commits November 21, 2025 12:16

Fix overflow if history size is integer multiple of entries

ef2c6fa

Feature: add configuration to disable the tokenizer

20dce4b

Provide feedback