From 48eb25df687d51c9bdb4677c72e08ed3fde1b186 Mon Sep 17 00:00:00 2001
From: Dmitry Chagin <dchagin@FreeBSD.org>
Date: Sat, 25 Mar 2017 14:09:12 +0000
Subject: [PATCH] Update vendor/tcsh to git b605cb561d

Vendor changes:

1. PR/471: Daiki Ueno: Delay interpreting arginp until we've processed
our startup files (which can change the NLS environment).

2. Fix type of read in prompt confirmation (eg. rmstar) (David Kaspar).

3. Fix out of bounds read (Brooks Davis)
(reproduce by starting tcsh and hitting tab at the prompt).

4. Don't play pointer tricks that are undefined in modern c
(Brooks Davis).
---
 Fixes       |  1 +
 ed.chared.c |  2 +-
 sh.c        | 62 ++++++++++++++++++++++++++++-------------------------
 sh.func.c   |  8 ++++---
 tw.init.c   |  3 +--
 5 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/Fixes b/Fixes
index 7440349aa483..995b28ba53f6 100644
--- a/Fixes
+++ b/Fixes
@@ -1,3 +1,4 @@
+ 22. Fix type of read in prompt confirmation (eg. rmstar) (David Kaspar)
  20. V6.20.00 - 20161124
  19. Don't resize the screen if it did not change size.
  18. V6.19.01 - 20161025
diff --git a/ed.chared.c b/ed.chared.c
index c56d00eb0a6f..fc620228bf08 100644
--- a/ed.chared.c
+++ b/ed.chared.c
@@ -750,7 +750,7 @@ c_substitute(void)
     /*
      * If we found a history character, go expand it.
      */
-    if (HIST != '\0' && *p == HIST)
+    if (p >= InputBuf && HIST != '\0' && *p == HIST)
 	nr_exp = c_excl(p);
     else
         nr_exp = 0;
diff --git a/sh.c b/sh.c
index e9dfa81a8c4b..759132fbe9e7 100644
--- a/sh.c
+++ b/sh.c
@@ -248,6 +248,7 @@ main(int argc, char **argv)
     char *tcp, *ttyn;
     int f, reenter;
     char **tempv;
+    const char *targinp = NULL;
     int osetintr;
     struct sigaction oparintr;
 
@@ -937,30 +938,7 @@ main(int argc, char **argv)
 		      *p &= ASCII;
 		  }
 #endif
-		arginp = SAVE(tempv[0]);
-
-		/*
-		 * we put the command into a variable
-		 */
-		if (arginp != NULL)
-		    setv(STRcommand, quote(Strsave(arginp)), VAR_READWRITE);
-
-		/*
-		 * * Give an error on -c arguments that end in * backslash to
-		 * ensure that you don't make * nonportable csh scripts.
-		 */
-		{
-		    int count;
-
-		    cp = Strend(arginp);
-		    count = 0;
-		    while (cp > arginp && *--cp == '\\')
-			++count;
-		    if ((count & 1) != 0) {
-			exiterr = 1;
-			stderror(ERR_ARGC);
-		    }
-		}
+		targinp = tempv[0];
 		prompt = 0;
 		nofile = 1;
 		break;
@@ -1205,7 +1183,7 @@ main(int argc, char **argv)
 	    sigset_interrupting(SIGXFSZ, queue_phup);
 #endif
 
-	if (quitit == 0 && arginp == 0) {
+	if (quitit == 0 && targinp == 0) {
 #ifdef SIGTSTP
 	    (void) signal(SIGTSTP, SIG_IGN);
 #endif
@@ -1323,7 +1301,7 @@ main(int argc, char **argv)
  */
     sigset_interrupting(SIGCHLD, queue_pchild);
 
-    if (intty && !arginp) 	
+    if (intty && !targinp) 	
 	(void) ed_Setup(editing);/* Get the tty state, and set defaults */
 				 /* Only alter the tty state if editing */
     
@@ -1358,7 +1336,7 @@ main(int argc, char **argv)
 #ifdef _PATH_DOTCSHRC
 	    (void) srcfile(_PATH_DOTCSHRC, 0, 0, NULL);
 #endif
-	    if (!arginp && !onelflg && !havhash)
+	    if (!targinp && !onelflg && !havhash)
 		dohash(NULL,NULL);
 #ifndef LOGINFIRST
 #ifdef _PATH_DOTLOGIN
@@ -1378,7 +1356,7 @@ main(int argc, char **argv)
 	if (!srccat(varval(STRhome), STRsldottcshrc))
 	    (void) srccat(varval(STRhome), STRsldotcshrc);
 
-	if (!arginp && !onelflg && !havhash)
+	if (!targinp && !onelflg && !havhash)
 	    dohash(NULL,NULL);
 
 	/*
@@ -1398,7 +1376,7 @@ main(int argc, char **argv)
     exitset--;
 
     /* Initing AFTER .cshrc is the Right Way */
-    if (intty && !arginp) {	/* PWP setup stuff */
+    if (intty && !targinp) {	/* PWP setup stuff */
 	ed_Init();		/* init the new line editor */
 #ifdef SIG_WINDOW
 	check_window_size(1);	/* mung environment */
@@ -1413,6 +1391,32 @@ main(int argc, char **argv)
     if (nexececho)
 	setNS(STRecho);
     
+
+    if (targinp) {
+	arginp = SAVE(targinp);
+	/*
+	 * we put the command into a variable
+	 */
+	if (arginp != NULL)
+	    setv(STRcommand, quote(Strsave(arginp)), VAR_READWRITE);
+
+	/*
+	 * * Give an error on -c arguments that end in * backslash to
+	 * ensure that you don't make * nonportable csh scripts.
+	 */
+	{
+	    int count;
+
+	    cp = Strend(arginp);
+	    count = 0;
+	    while (cp > arginp && *--cp == '\\')
+		++count;
+	    if ((count & 1) != 0) {
+		exiterr = 1;
+		stderror(ERR_ARGC);
+	    }
+	}
+    }
     /*
      * All the rest of the world is inside this call. The argument to process
      * indicates whether it should catch "error unwinds".  Thus if we are a
diff --git a/sh.func.c b/sh.func.c
index ce58bbbf2918..501bcaae517e 100644
--- a/sh.func.c
+++ b/sh.func.c
@@ -2734,16 +2734,18 @@ nlsclose(void)
 int
 getYN(const char *prompt)
 {
-    int doit, c;
+    int doit;
+    char c;
+
     xprintf("%s", prompt);
     flush();
-    (void) force_read(SHIN, &c, 1);
+    (void) force_read(SHIN, &c, sizeof(c));
     /* 
      * Perhaps we should use the yesexpr from the
      * actual locale
      */
     doit = (strchr(CGETS(22, 14, "Yy"), c) != NULL);
-    while (c != '\n' && force_read(SHIN, &c, 1) == 1)
+    while (c != '\n' && force_read(SHIN, &c, sizeof(c)) == sizeof(c))
 	continue;
     return doit;
 }
diff --git a/tw.init.c b/tw.init.c
index 68adbb941761..d9525c587ac5 100644
--- a/tw.init.c
+++ b/tw.init.c
@@ -125,9 +125,8 @@ tw_str_add(stringlist_t *sl, size_t len)
 	sl->buff = xrealloc(sl->buff, sl->tbuff * sizeof(Char));
 	/* Re-thread the new pointer list, if changed */
 	if (ptr != NULL && ptr != sl->buff) {
-	    intptr_t offs = sl->buff - ptr;
 	    for (i = 0; i < sl->nlist; i++)
-		sl->list[i] += offs;
+		sl->list[i] = sl->buff + (sl->list[i] - ptr);
 	}
 	disabled_cleanup(&pintr_disabled);
     }