4.0.1 (and 4.1.0) infinite loop with history

4.0.1 (and 4.1.0) infinite loop with history

[Bart Schaefer]

I accidentally pasted some diff output into a shell window and it was
executed as a command.  Zsh went into an infinite loop.  The loop actually
appears to be the `for (;;)' in fclist(), builtin.c line 1452, but ^C-ing
it always stops in zhalloc().  I can reproduce this starting from scratch
with `zsh -f' -- all you need to do is fill up the history (so that event
number 1 will fall off the saved lines) and then give the command `r = 1'.

The complete stack is:

#0  zhalloc (size=24) at ../../zsh-4.0/Src/mem.c:303
#1  0x8054fd0 in fcsubs (sp=0xbffff31c, sub=0x0)
    at ../../zsh-4.0/Src/builtin.c:1398
#2  0x8055179 in fclist (f=0x80e0800, n=0, r=0, D=0, d=0, first=5, last=5, 
    subs=0x4011e298, pprog=0x0) at ../../zsh-4.0/Src/builtin.c:1457
#3  0x8054b94 in bin_fc (nam=0x4011e268 "r", argv=0xbffff4b0, 
    ops=0xbffff510 "", func=16) at ../../zsh-4.0/Src/builtin.c:1324
#4  0x8051731 in execbuiltin (args=0x4011e238, bn=0x80c05a8)
    at ../../zsh-4.0/Src/builtin.c:367
#5  0x806527e in execcmd (state=0xbffff7c8, input=0, output=0, how=18, last1=2)
    at ../../zsh-4.0/Src/exec.c:2287
#6  0x8061fd7 in execpline2 (state=0xbffff7c8, pcode=451, how=18, input=0, 
    output=0, last1=0) at ../../zsh-4.0/Src/exec.c:1192
#7  0x806154f in execpline (state=0xbffff7c8, slcode=5122, how=18, last1=0)
    at ../../zsh-4.0/Src/exec.c:982
#8  0x8060ee9 in execlist (state=0xbffff7c8, dont_change_job=0, exiting=0)
    at ../../zsh-4.0/Src/exec.c:826
#9  0x8060c03 in execode (p=0x4011e1e0, dont_change_job=0, exiting=0)
    at ../../zsh-4.0/Src/exec.c:729
#10 0x80761e1 in loop (toplevel=1, justonce=0) at ../../zsh-4.0/Src/init.c:160
#11 0x8078800 in zsh_main (argc=2, argv=0xbffff85c)
    at ../../zsh-4.0/Src/init.c:1209
#12 0x8050df4 in main (argc=2, argv=0xbffff85c) at ../../zsh-4.0/Src/main.c:37

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net   

PATCH: Re: 4.0.1 (and 4.1.0) infinite loop with history

[Bart Schaefer]

On Jul 7, 11:15pm, Bart Schaefer wrote:
} Subject: 4.0.1 (and 4.1.0) infinite loop with history
}
} ... all you need to do is fill up the history (so that event
} number 1 will fall off the saved lines) and then give the command `r = 1'.

Happens in 3.0.6 through 3.0.8 as well.  And -- good grief -- even in 2.4.
And the history number is a red herring: The loop appears to be attempting
to globally replace the empty string with the empty string, i.e. the `='
is being taken as a degenerate case of OLD=NEW.

Consequently, this should fix it:

Index: Src/builtin.c
===================================================================
diff -c -r1.4 Src/builtin.c
--- Src/builtin.c	2001/06/18 18:01:56	1.4
+++ Src/builtin.c	2001/07/08 00:02:51
@@ -1250,6 +1250,10 @@
     while (*argv && equalsplit(*argv, &s)) {
 	Asgment a = (Asgment) zhalloc(sizeof *a);
 
+	if (!**argv) {
+	    zwarnnam(nam, "invalid replacement pattern: =%s", s, 0);
+	    return 1;
+	}
 	if (!asgf)
 	    asgf = asgl = a;
 	else {

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net