Re: PATCH: Re: Seg fault in matcher-list matching

[Sven Wischnowsky <wischnow@informatik.hu-berlin.de>]

Bart Schaefer wrote:

> ...
> 
> It doesn't dump for me any more, but I'm still nervous about line 1767 of
> compcore.c:
> 
> #1  0x80bd798 in addmatches (dat=0xbfffa854, argv=0xbfffa8d8)
>     at ../../../zsh-3.1.6/Src/Zle/compcore.c:1768
> 1768                if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
> (gdb) l 
> 1763                    else
> 1764                        *argv = NULL;
> 1765                    bcp = lpl;
> 1766                }
> 1767                s = dat->psuf ? dat->psuf : "";
> 1768                if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
> 1769                    if (matchsubs) {
> 1770                        Cline tmp = get_cline(NULL, 0, NULL, 0, NULL, 0, CLF_SUF);
> 1771
> 1772                        tmp->suffix = matchsubs;
> 
> The reported core dump was caused because match_str() wrote a '\0' byte into
> the string pointed to by its second argument [`s' above, `w' in match_str()]
> which is being passed as a string constant when dat->psuf == 0.

Yes, I know.

>  Is that a
> potential bug, still?

I'm pretty sure I made sure that we don't try to write into strings we 
can't write into with the patch I sent. But I'll also commit the one
below for some extra savety.

Bye
 Sven

Index: Src/Zle/compcore.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Zle/compcore.c,v
retrieving revision 1.19
diff -u -r1.19 compcore.c
--- Src/Zle/compcore.c	2000/05/12 07:03:41	1.19
+++ Src/Zle/compcore.c	2000/05/15 11:52:03
@@ -1739,7 +1739,7 @@
 		    llpl -= gfl;
 		}
 	    }
-	    s = dat->ppre ? dat->ppre : "";
+	    s = dat->ppre ? dat->ppre : dupstring("");
 	    if ((ml = match_str(lpre, s, &bpl, 0, NULL, 0, 0, 1)) >= 0) {
 		if (matchsubs) {
 		    Cline tmp = get_cline(NULL, 0, NULL, 0, NULL, 0, 0);
@@ -1757,14 +1757,14 @@
 		bpadd = strlen(s) - ml;
 	    } else {
 		if (llpl <= lpl && strpfx(lpre, s))
-		    lpre = "";
+		    lpre = dupstring("");
 		else if (llpl > lpl && strpfx(s, lpre))
 		    lpre += lpl;
 		else
 		    *argv = NULL;
 		bcp = lpl;
 	    }
-	    s = dat->psuf ? dat->psuf : "";
+	    s = dat->psuf ? dat->psuf : dupstring("");
 	    if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
 		if (matchsubs) {
 		    Cline tmp = get_cline(NULL, 0, NULL, 0, NULL, 0, CLF_SUF);
@@ -1782,7 +1782,7 @@
 		bsadd = strlen(s) - ml;
 	    } else {
 		if (llsl <= lsl && strsfx(lsuf, s))
-		    lsuf = "";
+		    lsuf = dupstring("");
 		else if (llsl > lsl && strsfx(s, lsuf))
 		    lsuf[llsl - lsl] = '\0';
 		else

--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de