From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28953 invoked from network); 29 Nov 2004 11:59:08 -0000 Received: from news.dotsrc.org (HELO a.mx.sunsite.dk) (130.225.247.88) by ns1.primenet.com.au with SMTP; 29 Nov 2004 11:59:08 -0000 Received: (qmail 84234 invoked from network); 29 Nov 2004 11:59:03 -0000 Received: from sunsite.dk (130.225.247.90) by a.mx.sunsite.dk with SMTP; 29 Nov 2004 11:59:03 -0000 Received: (qmail 7813 invoked by alias); 29 Nov 2004 11:58:58 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 20592 Received: (qmail 7795 invoked from network); 29 Nov 2004 11:58:57 -0000 Received: from unknown (HELO a.mx.sunsite.dk) (130.225.247.88) by sunsite.dk with SMTP; 29 Nov 2004 11:58:57 -0000 Received: (qmail 83946 invoked from network); 29 Nov 2004 11:58:37 -0000 Received: from mailhost1.csr.com (HELO MAILSWEEPER01.csr.com) (81.105.217.43) by a.mx.sunsite.dk with SMTP; 29 Nov 2004 11:58:36 -0000 Received: from exchange03.csr.com (unverified [10.100.137.60]) by MAILSWEEPER01.csr.com (Content Technologies SMTPRS 4.3.12) with ESMTP id ; Mon, 29 Nov 2004 11:57:23 +0000 Received: from news01.csr.com ([10.103.143.38]) by exchange03.csr.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 29 Nov 2004 11:58:56 +0000 Received: from news01.csr.com (localhost.localdomain [127.0.0.1]) by news01.csr.com (8.12.11/8.12.11) with ESMTP id iATBwWAM018662; Mon, 29 Nov 2004 11:58:34 GMT Received: from csr.com (pws@localhost) by news01.csr.com (8.12.11/8.12.11/Submit) with ESMTP id iATBwRGR018654; Mon, 29 Nov 2004 11:58:27 GMT Message-Id: <200411291158.iATBwRGR018654@news01.csr.com> X-Authentication-Warning: news01.csr.com: pws owned process doing -bs To: zsh-workers@sunsite.dk, Falk Hueffner , 283358-forwarded@bugs.debian.org Subject: Re: Bug#283358: echo $((##)) overflows buffer In-reply-to: <20041128161030.GA9060@scowler.net> References: <20041128161030.GA9060@scowler.net> Date: Mon, 29 Nov 2004 11:58:25 +0000 From: Peter Stephenson X-OriginalArrivalTime: 29 Nov 2004 11:58:56.0354 (UTC) FILETIME=[CDC60420:01C4D60A] X-Spam-Checker-Version: SpamAssassin 2.63 on a.mx.sunsite.dk X-Spam-Level: X-Spam-Status: No, hits=0.0 required=6.0 tests=none autolearn=no version=2.63 X-Spam-Hits: 0.0 Clint Adams wrote: > > falk@juist:~% echo $((##)) > > zsh: bad math expression: operator expected at `T\n^E ^A' It's expecting a key string and getting just a null string. I think that's causing the buffer where the key should be written to be uninitialised. Presumably that can have direr effects when the pointer has to be 64-bit aligned. The following should trap the error before it gets to that stage. % print $((##)) zsh: character missing after ## Index: Src/math.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/math.c,v retrieving revision 1.21 diff -u -r1.21 math.c --- Src/math.c 16 Aug 2004 09:53:11 -0000 1.21 +++ Src/math.c 29 Nov 2004 11:54:28 -0000 @@ -451,6 +451,10 @@ int v; ptr++; + if (!*ptr) { + zerr("character missing after ##", NULL, 0); + return EOI; + } ptr = getkeystring(ptr, NULL, 6, &v); yyval.u.l = v; return NUM; -- Peter Stephenson Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************