Bug in zsh 4.0.7

Bug in zsh 4.0.7

[Chris Spiegel]

Hi,
  There is a bug in Src/math.c of zsh 4.0.7, line 382.  It is:

yyval.u.l = zstrtol(++ptr, &ptr, lastbase = 16);

The issue is that it's unspecified whether ++ptr or &ptr happens first.
Strictly speaking according to the C standard this results in undefined
behavior but in practice it means you may be taking the wrong address
(it may take the address of the pointer to 'X' or 'x', instead of the
address of the pointer one beyond 'X' or 'x').

The presumed fix would be:
ptr++;
yyval.u.l = zstrtol(ptr, &ptr, lastbase = 16);

References are C99 6.5p2 and C90 6.3p2.

Chris

Re: Bug in zsh 4.0.7

[Zefram]

Chris Spiegel wrote:
>yyval.u.l = zstrtol(++ptr, &ptr, lastbase = 16);
>
>The issue is that it's unspecified whether ++ptr or &ptr happens first.

The expression &ptr doesn't use the value of ptr (which ++ptr modifies).
The value of &ptr is unaffected by the increment.  The behaviour is
perfectly well-defined.

-zefram

Re: Bug in zsh 4.0.7

[Peter Stephenson]

Chris Spiegel wrote:
> Hi,
>   There is a bug in Src/math.c of zsh 4.0.7, line 382.  It is:
>
> yyval.u.l = zstrtol(++ptr, &ptr, lastbase = 16);
>
> The issue is that it's unspecified whether ++ptr or &ptr happens first.

I don't think that matters.  &ptr always refers to the same address in
memory, whatever the value of ptr is.

                --- 	       	 ---
Value          | Y |	       	|Y+1|
               |---|	       	|---|
Address  &ptr->|   |   	  &ptr->|   |
                --- 		 ---

ptr has certainly been incremented by the time of the function call, so
the function call can change its value without any problem.

You're worrying about the case where we pass ptr as the second argument,
which as you say is undefined.

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR Ltd., Science Park, Milton Road,
Cambridge, CB4 0WH, UK                          Tel: +44 (0)1223 692070


**********************************************************************
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential 
and/or privileged material. 
Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is 
prohibited.  
If you received this in error, please contact the sender and 
delete the material from any computer.
**********************************************************************

Re: Bug in zsh 4.0.7

[Chris Spiegel]

Hi,

  You folks are of course correct.  I jumped the gun on seeing a
modification and a reference without thinking clearly of whether the
reference actually took a value; I'd like to apologize for wasting your
time and say thanks for the quick and courteous replies.

Chris