From 9ccb9572f363a7df6f1e6cd159379a1efb01070c Mon Sep 17 00:00:00 2001 From: Martijn Dekker Date: Sat, 20 Feb 2021 21:09:01 +0000 Subject: [PATCH] emacs: fix crash due to read before start of buffer It's amazing what can happen when you compile ksh using standard malloc (i.e. with AST vmalloc disabled) on OpenBSD. Its security hardening provokes crashes that reveal decades-old unsolved bugs. This one is an attempt to access one byte before the beginning of the command line buffer when the cursor is at the beginning of it. On this system configuration, it provoked an instant crash whenever you moved the cursor back to the beginning of the command line, e.g. with ^A or the cursor keys. src/cmd/ksh93/edit/emacs.c: draw(): - Check that the cursor is actually past the first position of the command line buffer before trying to read the position immediately before it. If not, zero the value. --- src/cmd/ksh93/edit/emacs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/cmd/ksh93/edit/emacs.c b/src/cmd/ksh93/edit/emacs.c index 8b39d4483..6ca2aa963 100644 --- a/src/cmd/ksh93/edit/emacs.c +++ b/src/cmd/ksh93/edit/emacs.c @@ -1445,7 +1445,10 @@ static void draw(register Emacs_t *ep,Draw_t option) *****************************************/ - i = *(logcursor-1); /* last character inserted */ + if(logcursor > sptr) + i = *(logcursor-1); /* last character inserted */ + else + i = 0; #if SHOPT_EDPREDICT if(option==FINAL) {
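Review bot: in the else branch added to draw(), `i = 0` acts as a "no previous character" marker, but nothing in the hunk says so, and the comment "last character inserted" now sits only on the guarded read. A short comment on the else branch noting that the cursor is at sptr, so there is no preceding byte to read, would record the intent. Please also confirm that the later uses of i in draw(), which are not visible in this hunk, cannot mistake 0 for a character that was actually inserted. The guard `if(logcursor > sptr)` matches the one-byte read before the start of the buffer that the commit message describes, and a one-line form such as `i = (logcursor > sptr) ? *(logcursor-1) : 0;` would keep the original comment attached to the whole assignment.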