From mboxrd@z Thu Jan 1 00:00:00 1970
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
List-Id: Zsh Workers List
X-Seq: 29107
From: Bart Schaefer
Message-id: <110428205657.ZM12615@torch.brasslantern.com>
Date: Thu, 28 Apr 2011 20:56:57 -0700
In-reply-to: <20110429013438.GC21935@prunille.vinc17.org>
Comments: In reply to Vincent Lefevre "Re: completion on brace + 4 characters doesn't work" (Apr 29, 3:34am)
References: <20110428111148.GA3109@ypig.lip.ens-lyon.fr> <110428081240.ZM11395@torch.brasslantern.com> <20110428222754.GC5625@prunille.vinc17.org> <20110429003149.GA21935@prunille.vinc17.org> <20110429005909.GB21935@prunille.vinc17.org> <20110429013438.GC21935@prunille.vinc17.org>
X-Mailer: OpenZMail Classic (0.9.2 24April2005)
To: zsh-workers@zsh.org
Subject: Re: completion on brace + 4 characters doesn't work
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii

On Apr 29, 3:34am, Vincent Lefevre wrote:
} Subject: Re: completion on brace + 4 characters doesn't work
}
} With "echo ./{abcd", valgrind complains:
}
} ==13848== Source and destination overlap in strcpy(0x4027532, 0x4027533)
} ==13848==    at 0x4C25918: strcpy (mc_replace_strmem.c:311)
} ==13848==    by 0xD09D92C: get_comp_string (zle_tricky.c:2016)

That's this line:

  2016          strcpy(dbeg, dbeg + len);

The code there apparently assumes a naive implementation of strcpy() that goes left-to-right incrementing the source and destination pointers in lock step. There are instances of this assumption all over the place in get_comp_string(). It would not surprise me to find this assumption made elsewhere in the zsh sources.

Out of curiosity, does the behavior change if you crank down the degree of optimization (or up the degree of debugging) in the compiler flags when building?

Looking at the patch below, I'm puzzled by the *dbeg = '{' assignments -- they're to restore the string after a '\0' was plugged into it temporarily, but isn't *dbeg immediately clobbered by whatever is at *(dbeg+len) ? Why bother restoring it? I suppose len == 0 may be possible ...
Index: Src/Zle/zle_tricky.c =================================================================== RCS file: /extra/cvsroot/zsh/zsh-4.0/Src/Zle/zle_tricky.c,v retrieving revision 1.30 diff -c -r1.30 zle_tricky.c --- zle_tricky.c 21 Dec 2010 16:41:16 -0000 1.30 +++ zle_tricky.c 29 Apr 2011 03:45:13 -0000 @@ -1899,7 +1899,7 @@ *dbeg = '{'; i -= len; boffs -= len; - strcpy(dbeg, dbeg + len); + memmove(dbeg, dbeg + len, 1+strlen(dbeg+len)); dp -= len; } bbeg = lastp = p; @@ -1948,7 +1948,7 @@ *dbeg = '{'; i -= len; boffs -= len; - strcpy(dbeg, dbeg + len); + memmove(dbeg, dbeg + len, 1+strlen(dbeg+len)); dp -= len; } bbeg = NULL; @@ -2013,7 +2013,7 @@ new->qpos = strlen(quotename(predup, NULL)); *dbeg = '{'; boffs -= len; - strcpy(dbeg, dbeg + len); + memmove(dbeg, dbeg + len, 1+strlen(dbeg+len)); } if (brend) { Brinfo bp, prev = NULL; @@ -2026,7 +2026,7 @@ l = bp->qpos; bp->pos = strlen(predup + p + l); bp->qpos = strlen(quotename(predup + p + l, NULL)); - strcpy(predup + p, predup + p + l); + memmove(predup + p, predup + p + l, 1+bp->pos); } } if (hascom) {
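Review bot: in the first hunk (@@ -1899) the `*dbeg = '{';` two lines above the new memmove is overwritten by the first byte of the moved tail whenever len > 0, so the restore only has an effect when len == 0; if that case cannot occur the store is dead and can go, otherwise a comment saying it exists for len == 0 would stop the next reader asking the same question the message above raises. The length `1+strlen(dbeg+len)` is right: it includes the terminating NUL of the tail.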
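Review bot: the second hunk (@@ -1948) repeats the `*dbeg = '{'; ... memmove(dbeg, dbeg + len, 1+strlen(dbeg+len));` sequence verbatim, and with three identical tail shifts now in the file a small static helper taking the pointer and the count would keep the length arithmetic in one place, so a later edit cannot quietly reintroduce strcpy in one of the copies.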
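Review bot: the third hunk (@@ -2013) is the call valgrind pointed at (zle_tricky.c:2016); since the overlap of dbeg and dbeg + len is inherent to this edit rather than incidental, a one-line comment at the memmove stating that the regions overlap would document why strcpy must not be used here. As in the earlier hunks, the `*dbeg = '{';` immediately above is clobbered by the move unless len == 0.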
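Review bot: in the last hunk (@@ -2026) the length `1+bp->pos` is only correct because `bp->pos = strlen(predup + p + l);` was assigned two lines earlier and the quotename() call in between changes neither bp->pos nor the string; that coupling is invisible at the memmove itself, so either compute the length at the call, `memmove(predup + p, predup + p + l, strlen(predup + p + l) + 1)`, or add a comment that bp->pos holds the tail length at this point.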
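As an added illustration (not code from the post or from zsh), the following C mirrors the in-place deletion the hunks perform: the byte-at-a-time copy the original strcpy() call implicitly relied on, the memmove form the patch uses, and the `*dbeg = '{'` restore whose effect depends on len; the function names, the offsets and the "echo ./{abcd" buffer are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the edit get_comp_string() makes when it drops a
 * brace segment: `off` is the index of the '{' (where a '\0' had been
 * plugged in temporarily), `len` the number of bytes to remove.
 * All names here are hypothetical; only the memmove form is from the patch. */

/* The lock-step loop the strcpy() call assumed.  For dst < src it yields the
 * intended left shift, but strcpy() on overlapping buffers is undefined and
 * an optimized libc may read ahead, which is what valgrind reported. */
static char *lockstep_copy(char *dst, const char *src)
{
    char *d = dst;
    while ((*d++ = *src++) != '\0')
        ;
    return dst;
}

/* Patch form: memmove is defined for overlapping regions; the byte count
 * includes the terminating NUL of the tail. */
static void drop_segment(char *dbeg, size_t len)
{
    memmove(dbeg, dbeg + len, 1 + strlen(dbeg + len));
}

/* Mirrors `*dbeg = '{'; ... memmove(...)` and returns the byte left at dbeg:
 * '{' survives only when len == 0, otherwise the moved tail overwrites it. */
char restore_then_drop(char *buf, size_t off, size_t len)
{
    char *dbeg = buf + off;
    *dbeg = '{';                 /* undo the temporary '\0' */
    drop_segment(dbeg, len);
    return *dbeg;
}

/* 1 if the memmove form and the lock-step loop agree on a constructed
 * command line, 0 otherwise (or when the span is out of range). */
int forms_agree(size_t off, size_t len)
{
    char a[] = "echo ./{abcd";
    char b[] = "echo ./{abcd";
    if (off + len > strlen(a))
        return 0;
    drop_segment(a + off, len);
    lockstep_copy(b + off, b + off + len);
    return strcmp(a, b) == 0;
}
```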