From: "Bart Schaefer"
Message-Id: <1000515114456.ZM16521@candle.brasslantern.com>
Date: Mon, 15 May 2000 11:44:55 +0000
In-Reply-To: <200005150926.LAA17371@beta.informatik.hu-berlin.de>
To: Sven Wischnowsky, zsh-workers@sunsite.auc.dk
Subject: Re: PATCH: Re: Seg fault in matcher-list matching

On May 15, 11:26am, Sven Wischnowsky wrote:
} Subject: PATCH: Re: Seg fault in matcher-list matching
}
}
} Bart Schaefer wrote:
}
} > I did this:
} >
} > zagzig[41] /u/s/l/z/z4/s/zsh
} >                      ^cursor over the 4, press TAB
} >
} > The path this was intended to match was /usr/src/local/zsh/zsh-2.4/src/zsh.
} > I had first tried TAB at the end of the line and gotten a feep, in case
} > that matters.
}
} I couldn't get it to seg-fault, but there was something broken. Matching
} of the suffix, for example, and that both in C and shell code.

It doesn't dump for me any more, but I'm still nervous about line 1767 of
compcore.c:

#1  0x80bd798 in addmatches (dat=0xbfffa854, argv=0xbfffa8d8)
    at ../../../zsh-3.1.6/Src/Zle/compcore.c:1768
1768        if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
(gdb) l
1763            else
1764                *argv = NULL;
1765            bcp = lpl;
1766        }
1767        s = dat->psuf ? dat->psuf : "";
1768        if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
1769            if (matchsubs) {
1770                Cline tmp = get_cline(NULL, 0, NULL, 0, NULL, 0, CLF_SUF);
1771
1772                tmp->suffix = matchsubs;

The reported core dump was caused because match_str() wrote a '\0' byte
into the string pointed to by its second argument [`s' above, `w' in
match_str()] which is being passed as a string constant when dat->psuf == 0.

Is that a potential bug, still?

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com
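
The hazard raised in this message, as an added example that is not part of the original e-mail or of the zsh source: a callee that stores a '\0' into its argument, called once with a string-literal fallback and once with a writable one. The names match_inplace(), match_suffix_unsafe() and match_suffix_safe() are hypothetical stand-ins, and the matcher is a simplified assumption about how such an in-place write behaves, not match_str() itself.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical matcher: truncates w in place to strlen(l), compares,
 * then restores the byte. Returns the match length, or -1. */
int match_inplace(const char *l, char *w)
{
    size_t ll = strlen(l);
    char saved;
    int ok;

    if (ll > strlen(w))
        return -1;
    saved = w[ll];
    w[ll] = '\0';   /* a store into the caller's storage, even when ll == 0 */
    ok = (strcmp(l, w) == 0);
    w[ll] = saved;
    return ok ? (int)ll : -1;
}

/* Pattern from the listing: the fallback is a string literal. Modifying a
 * literal is undefined behaviour; where literals live in read-only memory
 * the store in match_inplace() faults. Not called with NULL in this file. */
int match_suffix_unsafe(const char *lsuf, char *psuf)
{
    char *s = psuf ? psuf : "";
    return match_inplace(lsuf, s);
}

/* Hardened caller: the fallback is a writable one-byte array. */
int match_suffix_safe(const char *lsuf, char *psuf)
{
    char empty[1] = { '\0' };
    char *s = psuf ? psuf : empty;
    return match_inplace(lsuf, s);
}

int main(void)
{
    char psuf[] = "src/zsh";   /* constructed sample input */

    printf("%d\n", match_suffix_safe("src", psuf));
    printf("%d\n", match_suffix_safe("", NULL));
    printf("%d\n", match_suffix_safe("abc", psuf));
    return 0;
}
```

Building with gcc's -Wwrite-strings makes the literal assignment in match_suffix_unsafe() produce a warning at compile time, which is one way to find this pattern before it faults.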