From: Bart Schaefer
Message-id: <150115204336.ZM23779@torch.brasslantern.com>
Date: Thu, 15 Jan 2015 20:43:36 -0800
Comments: In reply to Vin Shelton "Re: Crash when capturing command output in completion" (Jan 15, 10:17pm)
To: "Zsh Hackers' List"
Subject: Re: Crash when capturing command output in completion
X-Seq: 34299

On Jan 15, 10:17pm, Vin Shelton wrote:
}
} echo $(installed_packages)
}
} results in the crash.

OK, I can pretty trivially reproduce this, but what I get is:

schaefer<501> echo $(ls)
zsh: fatal error: out of memory

742         compisuffix = (char *) zalloc((l = parwe - we) + 1);
(gdb) p parwe
$1 = 10
(gdb) p we
$2 = 12

So this ends up calling zcalloc(-1), and kapow.

"we" becomes 12 at compcore.c line 1261 in this block:

    /* And adjust wb, we, and offs again. */
    offs -= b - s;
    wb = zlemetacs - offs;
    we = wb + e - b;
    ispar = (br >= 2 ? 2 : 1);
    b[we-wb] = '\0';
    return b;

We come into that block at line 1219 like this:

(gdb) p offs
$11 = 1
(gdb) p e
$12 = 0x818263 "\211x"
(gdb) p s
$13 = 0x818260 "\205ls\211x"
(gdb) p b
$14 = 0x818261 "ls\211x"
(gdb) p s
$15 = 0x818260 "\205ls\211x"
(gdb) p zlemetacs
$16 = 10
(gdb) p wb
$17 = 9
(gdb) p we
$18 = 10
(gdb) p br
$19 = 1

Neither "test" nor "set" is true, so we enter "if (compfunc)" at line
1251 to

    /* Save the prefix. */

This does nothing but assign "$" to parpre, so the initial state of all
those variables is unchanged by the time we start to "adjust" them.

I'm not sure what's supposed to happen at this point.  None of these
values seem to line up with where the "adjustments" expect them.  I
suspect we've accidentally attempted to treat "(ls)" as a parameter name.

The only recent change in compcore.c is lexsave() -> zcontext_save(); the
last thing to actually touch this function was parameter modifier handling,
which is a different [new] branch of the same if/else and happens
independent of the branch causing this error.
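
The arithmetic from the message above, replayed with the values shown in its gdb session. This is an added example, not part of the original post and not zsh source: the struct, the function names and the length guard are hypothetical, and the allocator's parameter is assumed to be a size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the variables printed in the gdb session. */
struct state {
    int offs, wb, we, zlemetacs;
    const char *s, *b, *e;          /* all point into the same buffer */
};

/* The three assignments from the quoted compcore.c block. */
static void adjust(struct state *st)
{
    st->offs -= (int)(st->b - st->s);
    st->wb = st->zlemetacs - st->offs;
    st->we = st->wb + (int)(st->e - st->b);
}

/* Replays the session (offs=1, wb=9, we=10, zlemetacs=10, b=s+1, e=s+3)
 * and returns "we" after the adjustment. */
static int replay_we(void)
{
    static const char buf[] = "\205ls\211x";   /* "s" as printed by gdb */
    struct state st = { 1, 9, 10, 10, buf, buf + 1, buf + 3 };
    adjust(&st);
    return st.we;
}

/* Size an allocator taking size_t would see for (l = parwe - we) + 1. */
static size_t requested_size(int parwe, int we)
{
    int l = parwe - we;
    return (size_t)(l + 1);         /* a negative int wraps to a huge size */
}

/* Hypothetical guard: reject a suffix that ends before it starts. */
static int checked_suffix_len(int parwe, int we, size_t *out)
{
    if (parwe < we)
        return -1;
    *out = (size_t)(parwe - we) + 1;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int we = replay_we();
    printf("we=%d size=%zu guard=%d\n", we, requested_size(10, we),
           checked_suffix_len(10, we, &n));
    return 0;
}
```

With parwe at 10 and "we" adjusted to 12, the computed length is -2, so the requested size is -1 converted to an unsigned type, which matches the "out of memory" failure in the session.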