From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from euclid.skiles.gatech.edu (list@euclid.skiles.gatech.edu [130.207.146.50]) by coral.primenet.com.au (8.7.5/8.7.3) with ESMTP id EAA01694 for ; Sat, 3 Aug 1996 04:39:09 +1000 (EST)
Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id OAA26159; Fri, 2 Aug 1996 14:27:47 -0400 (EDT)
Resent-Date: Fri, 2 Aug 1996 14:27:47 -0400 (EDT)
From: Zoltan Hidvegi
Message-Id: <199608021826.UAA05943@bolyai.cs.elte.hu>
Subject: Re: zsh-mem & prompt
To: Louis.Granboulan@ens.fr (Louis Granboulan)
Date: Fri, 2 Aug 1996 20:26:57 +0200 (MET DST)
Cc: zsh-workers@math.gatech.edu, wfp5p@tigger.itc.virginia.edu
In-Reply-To: <199608021458.QAA16392@agaric.ens.fr> from Louis Granboulan at "Aug 2, 96 04:58:44 pm"
Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary
Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368
X-Mailer: ELM [version 2.4ME+ PL16 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Resent-Message-ID: <"pttr11.0.fO6.YYa0o"@euclid>
Resent-From: zsh-workers@math.gatech.edu
X-Mailing-List: archive/latest/1899
X-Loop: zsh-workers@math.gatech.edu
Precedence: list
Resent-Sender: zsh-workers-request@math.gatech.edu

> This is zsh-3.0-pre5 on a SPARCstation-5 with SunOS 4.1.4
> When it is configured with --enable-zsh-mem, I have the following
> message : attempt to free more than allocated
> The problem is that the prompt buffer `lpptbuf' does not terminate with '\0'.

That's not really a problem. The problem is that zsfree is used. The patch below fixes that. It also changes mem.c to fill the freed memory with 0xff instead of zero. Dereferencing ~0 should also cause SEGV and after this patch newly allocated string buffers will not be automatically null terminated so it may bring up some bugs (of course only if zsh is configured using ./configure --enable-zsh-{mem,{mem-,}debug,secure-free}).
I did not see this prompt bug exactly because of this automatic zero-fill. Btw. it may fix those mysterious core dumps reported by Bill. Bill, would you try it?

Zoltan

*** Src/zle_refresh.c 1996/07/31 15:45:25 2.11 --- Src/zle_refresh.c 1996/08/02 15:47:04 *************** *** 996,1003 **** void genprompts(void) { ! zsfree(lpptbuf); ! zsfree(rpptbuf); lpptbuf = putprompt(lpmpt, &lpptlen, &pptw, 1); pmpt_attr = txtchange; rpptbuf = putprompt(rpmpt, &rpptlen, &rpw, 1); --- 996,1003 ---- void genprompts(void) { ! zfree(lpptbuf, lpptlen); ! zfree(rpptbuf, rpptlen); lpptbuf = putprompt(lpmpt, &lpptlen, &pptw, 1); pmpt_attr = txtchange; rpptbuf = putprompt(rpmpt, &rpptlen, &rpw, 1); *** Src/mem.c 1996/07/29 23:44:19 2.8 --- Src/mem.c 1996/08/02 15:40:37 *************** *** 831,837 **** #ifdef ZSH_MEM_DEBUG m_f[M_BSLEN(mt->len) / M_ISIZE]++; ! memset(sh, 0, M_BSLEN(mt->len)); #endif /* put the block onto the free list */ --- 831,837 ---- #ifdef ZSH_MEM_DEBUG m_f[M_BSLEN(mt->len) / M_ISIZE]++; ! memset(sh, 0xff, M_BSLEN(mt->len)); #endif /* put the block onto the free list */ *************** *** 904,910 **** } DPUTS(m->len < osz, "attempt to free more than allocated."); #ifdef ZSH_MEM_DEBUG ! memset(p, 0, m->len); #endif if (mt && ((char *)mt) == (((char *)m) + M_ISIZE + m->len)) { /* the block after the one we are freeing is free, we put them
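
Review bot: in genprompts() in Src/zle_refresh.c, zfree(lpptbuf, lpptlen) and zfree(rpptbuf, rpptlen) assume that lpptlen and rpptlen still hold the values written by the previous putprompt() call and that those lengths do not exceed the size of the blocks putprompt() returned; nothing in the hunk states or checks that. A short comment above the two calls recording this invariant, and saying what happens on the first call when the buffers have not been allocated yet, would make the size argument reviewable.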
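
Review bot: the 0xff in memset(sh, 0xff, M_BSLEN(mt->len)) in the first Src/mem.c hunk is an unexplained literal that the patch repeats in the second ZSH_MEM_DEBUG block further down. A named macro for the fill byte, with a one-line comment on why it is non-zero (so a reused block no longer looks like a NUL-terminated string), would keep the two sites in sync.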
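
Review bot: the DPUTS(m->len < osz, "attempt to free more than allocated.") check directly above memset(p, 0xff, m->len) in the last Src/mem.c hunk only fires when the caller's size is larger than the block, so a caller that passes too small an osz goes unnoticed. Since the same patch starts passing lpptlen and rpptlen as sizes, a comment here documenting that osz only needs to be no larger than m->len, and that the fill always covers the whole m->len, would make the contract for zfree() callers explicit.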
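
The effect of the fill byte described in the message, as an added example that is not part of the original post or of zsh's mem.c: a zero-filled recycled block hides a missing '\0', while a 0xff-filled one exposes it. The single-block toy allocator and every name in it are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical toy allocator state: one reusable block, standing in for a
 * block that is recycled from a free list. */
#define BLOCK_SIZE 16
static unsigned char block[BLOCK_SIZE];

/* "Free" the block by overwriting it with the given fill byte. */
static void toy_free(unsigned char fill)
{
    memset(block, fill, BLOCK_SIZE);
}

/* "Allocate" the block again and copy len bytes into it WITHOUT writing a
 * terminating '\0', as a buggy caller would. */
static unsigned char *toy_alloc_unterminated(const char *src, size_t len)
{
    memcpy(block, src, len);
    return block;
}

/* Bounded check: is there a NUL byte anywhere inside the block?
 * Returns 1 if the buffer happens to look like a terminated string. */
static int looks_terminated(const unsigned char *p)
{
    return memchr(p, '\0', BLOCK_SIZE) != NULL;
}

/* Returns 1 when the fill byte masks the missing terminator. */
int bug_is_masked(unsigned char fill)
{
    static const char prompt[] = "host% ";   /* constructed sample prompt */
    toy_free(fill);
    return looks_terminated(toy_alloc_unterminated(prompt, strlen(prompt)));
}

int main(void)
{
    /* Zero fill: stale zeros act as an accidental terminator. */
    int masked_zero = bug_is_masked(0x00);
    /* 0xff fill: no NUL inside the block, so the bug becomes visible. */
    int masked_ff = bug_is_masked(0xff);
    return !(masked_zero == 1 && masked_ff == 0);
}
```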