From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 10080 invoked from network); 14 Aug 2000 18:39:01 -0000
Received: from sunsite.auc.dk (130.225.51.30) by ns1.primenet.com.au with SMTP; 14 Aug 2000 18:39:01 -0000
Received: (qmail 22232 invoked by alias); 14 Aug 2000 18:38:33 -0000
Mailing-List: contact zsh-workers-help@sunsite.auc.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 12625
Received: (qmail 22213 invoked from network); 14 Aug 2000 18:38:25 -0000
From: "Bart Schaefer"
Message-Id: <1000814183801.ZM10110@candle.brasslantern.com>
Date: Mon, 14 Aug 2000 18:38:01 +0000
In-Reply-To: <000501c0061e$5a87d210$cc1f1d0a@ldiarlnt4>
Comments: In reply to "Jonel Rienton" "buffer overflow on zsh-3.1.9" (Aug 14, 1:34pm)
References: <000501c0061e$5a87d210$cc1f1d0a@ldiarlnt4>
X-Mailer: Z-Mail (5.0.0 30July97)
To: "Jonel Rienton" ,
Subject: Re: buffer overflow on zsh-3.1.9
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Aug 14, 1:34pm, Jonel Rienton wrote:
} Subject: buffer overflow on zsh-3.1.9

It's not a buffer overflow.

} 1. hold down the alt key
} 2. while holding alt key press 9 six times

You've just told zsh that you want it to repeat the next command 999999
times.

} 3 release both keys, hit any letter or number

The next command is to insert that character. Zsh faithfully attempts to
insert one character 999999 times. Every 256 or so insertions it allocates
a larger buffer; eventually your system runs out of memory and zsh gives up
and crashes.

The buffer didn't overflow -- that is, I doubt zsh wrote any bytes beyond
the bounds of any buffer it succeeded in allocating.

We *could* put some sort of arbitrary limit on the maximum numeric prefix
argument, to prevent large repetitions like this, but this is clearly a
case of pilot error rather than programming error.

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net
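
The distinction drawn in the message above, as an added example that is not zsh's code and not part of the original mail: a line buffer that grows in 256-byte steps and checks every allocation fails cleanly on memory exhaustion without writing out of bounds, and a cap on the repeat count avoids the exhaustion altogether. The names, the `MAX_REPEAT` value and the `limit` field (a constructed stand-in for available memory) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define CHUNK      256    /* growth step, after the "every 256 or so insertions" in the mail */
#define MAX_REPEAT 10000  /* assumed cap on the numeric prefix; the value is arbitrary */

struct linebuf {
    char  *data;
    size_t len;    /* bytes in use */
    size_t cap;    /* bytes allocated */
    size_t limit;  /* constructed stand-in for system memory: largest cap allowed */
};

/* Grow in CHUNK steps until `need` bytes fit. Returns 0 on success, -1 if the
 * allocation cannot be satisfied; the old buffer stays valid on failure. */
static int lb_reserve(struct linebuf *b, size_t need)
{
    if (need <= b->cap) return 0;
    size_t newcap = ((need + CHUNK - 1) / CHUNK) * CHUNK;
    if (newcap > b->limit) return -1;   /* simulated out-of-memory */
    char *p = realloc(b->data, newcap);
    if (!p) return -1;                  /* real out-of-memory */
    b->data = p;
    b->cap = newcap;
    return 0;
}

/* Insert `ch` `count` times, as a numeric prefix argument would. With
 * `cap_repeat` set, the prefix is clamped to MAX_REPEAT first. Returns the
 * number of characters requested after clamping, or -1 if memory ran out. */
long lb_insert_repeated(struct linebuf *b, char ch, long count, int cap_repeat)
{
    if (count < 0) count = 0;
    if (cap_repeat && count > MAX_REPEAT) count = MAX_REPEAT;
    for (long i = 0; i < count; i++) {
        if (lb_reserve(b, b->len + 1) != 0) return -1;  /* stop; never write past cap */
        b->data[b->len++] = ch;
    }
    return count;
}

int main(void)
{
    struct linebuf raw = {0, 0, 0, 64 * 1024}, capped = {0, 0, 0, 64 * 1024};
    long r1 = lb_insert_repeated(&raw, 'x', 999999, 0);
    long r2 = lb_insert_repeated(&capped, 'x', 999999, 1);
    printf("uncapped: rc=%ld len=%zu cap=%zu\n", r1, raw.len, raw.cap);
    printf("capped:   rc=%ld len=%zu cap=%zu\n", r2, capped.len, capped.cap);
    free(raw.data); free(capped.data);
    return 0;
}
```

In both runs `len` never exceeds `cap`: the uncapped case is resource exhaustion, not memory corruption.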