From: Bart Schaefer
Message-Id: <170509232141.ZM7753@torch.brasslantern.com>
Date: Tue, 9 May 2017 23:21:41 -0700
To: zsh-workers@zsh.org
Subject: Re: Zsh parser malloc corruption
Comments: In reply to Eduardo Bustamante "Zsh parser malloc corruption" (May 8, 8:53am)
List-Id: Zsh Workers List
X-Seq: 41083

PWS, I'm going to ask you to please look at this after all, because it
seems to be related to

    36682: expand pattern interface to optimise unmetafication

Valgrind says:

==19116== Invalid write of size 1
==19116==    at 0x4A2E0D: patcompile (pattern.c:679)
==19116==    by 0x456846: compgetmatch (glob.c:2623)
==19116==    by 0x4568FA: getmatch (glob.c:2663)
==19116==    by 0x4BA2D9: paramsubst (subst.c:3045)
==19116==    by 0x4B486A: stringsubst (subst.c:247)
==19116==    by 0x4B3BED: prefork (subst.c:85)
==19116==    by 0x4437D5: execcmd_getargs (exec.c:2659)
==19116==    by 0x443BCF: execcmd_exec (exec.c:2765)
==19116==    by 0x4414B5: execpline2 (exec.c:1873)
==19116==    by 0x43FCDA: execpline (exec.c:1602)
==19116==    by 0x43EEA5: execlist (exec.c:1360)
==19116==    by 0x43E5A3: execode (exec.c:1141)

This repeats several times, and eventually kills valgrind itself:

valgrind: the 'impossible' happened:
   Killed by fatal signal

==19116==    at 0x38058236: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

It appears that the "patalloc" space is not large enough to hold the
metafied pattern, maybe because there are NUL bytes in the pattern prior
to it being metafied?

Also I can reproduce my crash with a shorter input; delete everything
from (including) the first "&" through the end of the malloc-corruption
file.
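An added illustration of the sizing problem described above (a constructed example, not zsh's own code): a simplified model of metafication in which a NUL or a literal Meta byte is stored as two bytes, so a buffer sized from the raw length is one byte short per escaped character. It assumes zsh's Meta value 0x83 and the `c ^ 32` escape; the function names are my own.

```c
#include <stddef.h>

/* Simplified model of zsh metafication (constructed for illustration):
 * a NUL byte or a literal Meta byte in the raw pattern is stored as the
 * escape byte Meta followed by (byte ^ 32), i.e. it takes two bytes. */
#define META 0x83

static int needs_meta(unsigned char c)
{
    return c == 0 || c == META;
}

/* Bytes required to hold the metafied form of n raw bytes. The
 * allocation must be based on this value; sizing it from n alone
 * undercounts by one byte for every escaped character. */
size_t metafied_len(const unsigned char *raw, size_t n)
{
    size_t total = n;
    for (size_t i = 0; i < n; i++)
        if (needs_meta(raw[i]))
            total++;
    return total;
}

/* Metafy raw[0..n) into out, which holds cap bytes. Returns the number
 * of bytes the metafied form needs; nothing is written unless cap is
 * large enough, so an undersized buffer is reported, not overrun. */
size_t metafy_checked(const unsigned char *raw, size_t n,
                      unsigned char *out, size_t cap)
{
    size_t need = metafied_len(raw, n);
    if (need > cap)
        return need;          /* caller must allocate `need` bytes */
    size_t j = 0;
    for (size_t i = 0; i < n; i++) {
        if (needs_meta(raw[i])) {
            out[j++] = META;
            out[j++] = raw[i] ^ 32;
        } else {
            out[j++] = raw[i];
        }
    }
    return need;
}
```

With the raw pattern "a\0b" (three bytes, one of them NUL) the metafied form needs four bytes, which is exactly the one-byte overrun valgrind reports as an invalid write of size 1.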