* Re: `foo=foo; (( foo ))' => infinite recursion
@ 2000-03-13 9:34 Sven Wischnowsky
2000-03-13 16:05 ` Bart Schaefer
0 siblings, 1 reply; 3+ messages in thread
From: Sven Wischnowsky @ 2000-03-13 9:34 UTC (permalink / raw)
To: zsh-workers
Alexandre Duret-Lutz wrote:
> An easy way to die.
>
> ~ % zsh -f
> phobos% foo=foo; (( foo ))
> zsh: segmentation fault zsh -f
What really irritated me was that getnumvalue() called matheval().
That meant that in cases like the one above $foo could contain any
mathematical expression and that would get evaluated.
The patch makes it take only numbers from $foo (or integer-zero if
there is none). If that is considered to be the wrong idea we have to
find some other way to avoid the endless recusion, I think.
One question: currently it only skips white space at the beginning of
$foo to find the number (btw, all number-formats zsh knows of should
be understood); should we make it skip all non-numeric characters?
Bye
Sven
diff -ru ../z.old/Src/math.c Src/math.c
--- ../z.old/Src/math.c Mon Mar 13 10:18:27 2000
+++ Src/math.c Mon Mar 13 10:29:36 2000
@@ -950,6 +950,78 @@
return (x.type & MN_FLOAT) ? (zlong)x.u.d : x.u.l;
}
+/**/
+mod_export mnumber
+mathnumber(char *s)
+{
+ mnumber ret;
+
+ ret.type = MN_INTEGER;
+
+ while (*s) {
+ switch (*s++) {
+ case '[':
+ {
+ int base = zstrtol(s, &s, 10);
+
+ if (*s == ']')
+ s++;
+ ret.u.l = zstrtol(s, &s, base);
+ return ret;
+ }
+ case ' ':
+ case '\t':
+ case '\n':
+ break;
+ case '0':
+ if (*s == 'x' || *s == 'X') {
+ /* Should we set lastbase here? */
+ ret.u.l = zstrtol(++s, &s, 16);
+ return ret;
+ }
+ /* Fall through! */
+ default:
+ if (idigit(*--s) || *s == '.') {
+ char *nptr;
+#ifdef USE_LOCALE
+ char *prev_locale;
+#endif
+ for (nptr = s; idigit(*nptr); nptr++);
+
+ if (*nptr == '.' || *nptr == 'e' || *nptr == 'E') {
+ /* it's a float */
+ ret.type = MN_FLOAT;
+#ifdef USE_LOCALE
+ prev_locale = setlocale(LC_NUMERIC, NULL);
+ setlocale(LC_NUMERIC, "POSIX");
+#endif
+ ret.u.d = strtod(s, &nptr);
+#ifdef USE_LOCALE
+ setlocale(LC_NUMERIC, prev_locale);
+#endif
+ if (s == nptr || *nptr == '.')
+ goto end;
+ s = nptr;
+ } else {
+ /* it's an integer */
+ ret.u.l = zstrtol(s, &s, 10);
+
+ if (*s == '#')
+ ret.u.l = zstrtol(++s, &s, ret.u.l);
+ }
+ return ret;
+ }
+ goto end;
+ }
+ }
+ end:
+
+ ret.type = MN_INTEGER;
+ ret.u.l = 0;
+
+ return ret;
+}
+
/*
* Make sure we have an operator or an operand, whatever is expected.
* For this purpose, unary operators constitute part of an operand.
diff -ru ../z.old/Src/params.c Src/params.c
--- ../z.old/Src/params.c Mon Mar 13 10:18:27 2000
+++ Src/params.c Mon Mar 13 10:29:36 2000
@@ -1420,7 +1420,7 @@
mn.type = MN_FLOAT;
mn.u.d = v->pm->gets.ffn(v->pm);
} else
- return matheval(getstrvalue(v));
+ return mathnumber(getstrvalue(v));
return mn;
}
--
Sven Wischnowsky wischnow@informatik.hu-berlin.de
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: `foo=foo; (( foo ))' => infinite recursion
2000-03-13 9:34 `foo=foo; (( foo ))' => infinite recursion Sven Wischnowsky
@ 2000-03-13 16:05 ` Bart Schaefer
0 siblings, 0 replies; 3+ messages in thread
From: Bart Schaefer @ 2000-03-13 16:05 UTC (permalink / raw)
To: Sven Wischnowsky, zsh-workers
On Mar 13, 10:34am, Sven Wischnowsky wrote:
} Subject: Re: `foo=foo; (( foo ))' => infinite recursion
}
} What really irritated me was that getnumvalue() called matheval().
} That meant that in cases like the one above $foo could contain any
} mathematical expression and that would get evaluated.
Urgh. This is ugly, but appears to have been done for a long time, so
I'm a bit leery of changing it. (( foo == $foo )) is probably meant to
be true, which won't be the case any more with your patch.
Maybe just a recursion counter with a reasonably large limit?
} One question: currently it only skips white space at the beginning of
} $foo to find the number (btw, all number-formats zsh knows of should
} be understood); should we make it skip all non-numeric characters?
No, I don't think so.
--
Bart Schaefer Brass Lantern Enterprises
http://www.well.com/user/barts http://www.brasslantern.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* `foo=foo; (( foo ))' => infinite recursion
@ 2000-03-09 20:10 Alexandre Duret-Lutz
0 siblings, 0 replies; 3+ messages in thread
From: Alexandre Duret-Lutz @ 2000-03-09 20:10 UTC (permalink / raw)
To: zsh-workers
An easy way to die.
~ % zsh -f
phobos% foo=foo; (( foo ))
zsh: segmentation fault zsh -f
#0 0x8080add in mathevall (s=0x80e5890 "foo", prek=17, ep=0xbf800308)
at ../../latest/Src/math.c:855
855 {
(gdb) bt
#0 0x8080add in mathevall (s=0x80e5890 "foo", prek=17, ep=0xbf800308)
at ../../latest/Src/math.c:855
#1 0x8080d13 in matheval (s=0x80e5890 "foo") at ../../latest/Src/math.c:923
#2 0x808bc5b in getnumvalue (v=0xbf800384) at ../../latest/Src/params.c:1423
#3 0x808c81d in getnparam (s=0x401e09bb "") at ../../latest/Src/params.c:1655
#4 0x808100a in mathparse (pc=17) at ../../latest/Src/math.c:1011
#5 0x8080be2 in mathevall (s=0x80e5890 "foo", prek=17, ep=0xbf800ad8)
at ../../latest/Src/math.c:888
#6 0x8080d13 in matheval (s=0x80e5890 "foo") at ../../latest/Src/math.c:923
#7 0x808bc5b in getnumvalue (v=0xbf800b54) at ../../latest/Src/params.c:1423
#8 0x808c81d in getnparam (s=0x401e09b3 "") at ../../latest/Src/params.c:1655
#9 0x808100a in mathparse (pc=17) at ../../latest/Src/math.c:1011
#10 0x8080be2 in mathevall (s=0x80e5890 "foo", prek=17, ep=0xbf8012a8)
at ../../latest/Src/math.c:888
#11 0x8080d13 in matheval (s=0x80e5890 "foo") at ../../latest/Src/math.c:923
#12 0x808bc5b in getnumvalue (v=0xbf801324) at ../../latest/Src/params.c:1423
#13 0x808c81d in getnparam (s=0x401e09ab "") at ../../latest/Src/params.c:1655
#14 0x808100a in mathparse (pc=17) at ../../latest/Src/math.c:1011
#15 0x8080be2 in mathevall (s=0x80e5890 "foo", prek=17, ep=0xbf801a78)
at ../../latest/Src/math.c:888
... and so on ...
--
Alexandre Duret-Lutz
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2000-03-13 16:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2000-03-13 9:34 `foo=foo; (( foo ))' => infinite recursion Sven Wischnowsky
2000-03-13 16:05 ` Bart Schaefer
-- strict thread matches above, loose matches on Subject: below --
2000-03-09 20:10 Alexandre Duret-Lutz
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).