From: Bart Schaefer <schaefer@brasslantern.com>
To: Dennis Felsing <dennis@felsin9.de>, zsh-workers@zsh.org
Subject: Re: free() error on simple input scripts
Date: Sat, 06 Dec 2014 15:07:53 -0800 [thread overview]
Message-ID: <141206150753.ZM2978@torch.brasslantern.com> (raw)
In-Reply-To: <20141206042732.GA28745@ti.fritz.box>
On Dec 6, 5:27am, Dennis Felsing wrote:
}
} Simply running zsh (from git) on each of the two attached files causes a
} free() error for me:
These are both unicode files, at least one in 16-bit with a byte-order
prefix, and are therefore not valid input to the shell.
If you're in a situation where you're being caused to feed the shell
unknown or invalid input, you're already way worse off than can be
helped by avoiding a bad free() ...
However, it appears that both unmeta() and unmetafy() have trouble with
this input, e.g., unmeta() sees a META byte immediately before the end
of string NUL and therefore runs off the end at the second *t++ in this
loop:
for (t = file_name, p = fn; *t; p++)
if ((*p = *t++) == Meta)
*p = *t++ ^ 32;
This ought to get caught well before we reach this part of the function,
but I'm not sure what the correct reaction is. Anyway, the failure of
unmeta[fy] cascades into errors in metafy() later.
Maybe this? Though how we ended up with a bad metafied string in the
first place might also be worth investigating.
diff --git a/Src/utils.c b/Src/utils.c
index 9268147..5c90638 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -4164,7 +4164,7 @@ unmetafy(char *s, int *len)
for (p = s; *p && *p != Meta; p++);
for (t = p; (*t = *p++);)
- if (*t++ == Meta)
+ if (*t++ == Meta && *p)
t[-1] = *p++ ^ 32;
if (len)
*len = t - s;
@@ -4208,8 +4208,10 @@ unmeta(const char *file_name)
meta = 0;
for (t = file_name; *t; t++) {
- if (*t == Meta)
- meta = 1;
+ if (*t == Meta) {
+ meta = t[1];
+ break;
+ }
}
if (!meta) {
/*
next prev parent reply other threads:[~2014-12-06 23:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-06 4:27 Dennis Felsing
2014-12-06 23:07 ` Bart Schaefer [this message]
2014-12-07 6:36 ` Bart Schaefer
2014-12-09 15:45 ` Jun T.
2014-12-09 17:30 ` Peter Stephenson
2014-12-09 22:13 ` Bart Schaefer
2014-12-08 12:51 ` Jun T.
2014-12-08 16:37 ` Bart Schaefer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=141206150753.ZM2978@torch.brasslantern.com \
--to=schaefer@brasslantern.com \
--cc=dennis@felsin9.de \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).