From: Bart Schaefer
Date: Sun, 17 Aug 2014 23:36:19 -0700
To: zsh-workers@zsh.org
Subject: Re: zsh 5.0.5-dev-2
Message-id: <140817233619.ZM25264@torch.brasslantern.com>
In-reply-to: <20140818025620.GA4198@localhost.localdomain>
Comments: In reply to Han Pingtian "Re: zsh 5.0.5-dev-2" (Aug 18, 10:56am)
References: <29575.1407969294@thecus.kiddle.eu> <20140814093442.1a74c5b7@pwslap01u.europe.root.pri> <20140814103227.74c7d168@pwslap01u.europe.root.pri> <140814092045.ZM18007@torch.brasslantern.com> <20140814205429.44baf512@pws-pc.ntlworld.com> <140814214412.ZM4177@torch.brasslantern.com> <20140815112316.GA17063@localhost.localdomain> <140815101701.ZM5288@torch.brasslantern.com> <20140816003504.GB17063@localhost.localdomain> <140817103030.ZM12944@torch.brasslantern.com> <20140818025620.GA4198@localhost.localdomain>

On Aug 18, 10:56am, Han Pingtian wrote:
} Subject: Re: zsh 5.0.5-dev-2
}
} On Sun, Aug 17, 2014 at 10:30:30AM -0700, Bart Schaefer wrote:
} >
} > I suspect Fortify is reporting a potential error rather than a real
} > one, because we'd presumably have seen other problems before this if
} > "cd .." actually caused an 8kb buffer on the stack to overflow.
}
} I have tried to print the length of xbuf and *pp before the sprintf().
} Looks like when the overflow is triggered, the length of xbuf is 8188,
} and the length of *pp is 10.

I must not previously have been understanding exactly what you tested.

I now suspect you've deliberately constructed and (with chaselinks not
set?) cd'd one level down at a time into a path that's at least 8188
characters long, and then setopt chaselinks and done "cd .." from the
bottom directory in that path.  Is that correct?  Maybe you previously
posted exactly what test you were doing and I just lost track of it.

Anyway, if that's along the lines of what you've done, then I retract my
"potential error rather than real" remark.
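Added example, not zsh's code: the length arithmetic behind the numbers quoted in the thread (an 8188-byte path plus a 10-byte component appended with sprintf() into a fixed buffer), next to a bounded append that refuses the write instead of running off the end. PATH_BUF, joined_len, would_overflow, safe_append and the demo functions are assumed names, and 8192 is an assumed buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer the thread talks about. */
#define PATH_BUF 8192

/* Bytes that sprintf(buf, "%s/%s", prefix, comp) writes, NUL included. */
size_t joined_len(size_t prefix_len, size_t comp_len) {
    return prefix_len + 1 + comp_len + 1;
}

/* 1 if that sprintf would run past a cap-byte buffer, else 0. */
int would_overflow(size_t prefix_len, size_t comp_len, size_t cap) {
    return joined_len(prefix_len, comp_len) > cap ? 1 : 0;
}

/* Bounded alternative: append "/comp" to buf (capacity cap). Returns the
 * new length, or -1 with buf unchanged if the result would not fit.
 * snprintf returns the length it wanted, which is how truncation shows. */
int safe_append(char *buf, size_t cap, const char *comp) {
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL) return -1;              /* not even NUL-terminated */
    size_t cur = (size_t)(end - buf);
    int n = snprintf(buf + cur, cap - cur, "/%s", comp);
    if (n < 0 || (size_t)n >= cap - cur) {
        buf[cur] = '\0';                     /* undo the partial write */
        return -1;
    }
    return (int)(cur + (size_t)n);
}

/* Constructed reproduction of the thread's numbers: an 8188-byte path
 * plus a 10-byte component. Returns safe_append's result (-1 expected),
 * or -2 if the buffer no longer holds exactly 8188 bytes afterwards. */
int demo_thread_case(void) {
    char buf[PATH_BUF];
    char comp[11];
    memset(buf, 'a', 8188);  buf[8188] = '\0';
    memset(comp, 'b', 10);   comp[10] = '\0';
    int r = safe_append(buf, PATH_BUF, comp);
    return (strlen(buf) == 8188) ? r : -2;
}

/* Constructed small case that fits: "/tmp" + "x" -> "/tmp/x" (length 6). */
int demo_small_case(void) {
    char buf[PATH_BUF] = "/tmp";
    return safe_append(buf, PATH_BUF, "x");
}
```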