From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-18904-mason-zsh=primenet.com.au@sunsite.dk>
Received: (qmail 1686 invoked from network); 25 Jul 2003 09:55:29 -0000
Received: from sunsite.dk (130.225.247.90)
  by ns1.primenet.com.au with SMTP; 25 Jul 2003 09:55:29 -0000
Received: (qmail 11330 invoked by alias); 25 Jul 2003 09:55:14 -0000
Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 18904
Received: (qmail 10171 invoked from network); 25 Jul 2003 09:48:33 -0000
Received: from localhost (HELO sunsite.dk) (127.0.0.1)
  by localhost with SMTP; 25 Jul 2003 09:48:33 -0000
X-MessageWall-Score: 0 (sunsite.dk)
Received: from [66.189.198.120] by sunsite.dk (MessageWall 1.0.8) with SMTP; 25 Jul 2003 9:48:32 -0000
Received: by chris.spiegels (Postfix, from userid 1000)
	id 93598C24CD; Fri, 25 Jul 2003 02:48:31 -0700 (PDT)
Date: Fri, 25 Jul 2003 02:48:31 -0700
From: Chris Spiegel <matrix@xirtam.org>
To: zsh-workers@sunsite.dk
Subject: Bug in zsh 4.0.7
Message-ID: <20030725094831.GA19360@midgard.spiegels>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i

Hi,
  There is a bug in Src/math.c of zsh 4.0.7, line 382.  It is:

yyval.u.l = zstrtol(++ptr, &ptr, lastbase = 16);

The issue is that it's unspecified whether ++ptr or &ptr happens first.
Strictly speaking according to the C standard this results in undefined
behavior but in practice it means you may be taking the wrong address
(it may take the address of the pointer to 'X' or 'x', instead of the
address of the pointer one beyond 'X' or 'x').

The presumed fix would be:
ptr++;
yyval.u.l = zstrtol(ptr, &ptr, lastbase = 16);

References are C99 6.5p2 and C90 6.3p2.

Chris