Re: Bug#283358: echo $((##)) overflows buffer

Re: Bug#283358: echo $((##)) overflows buffer

[Clint Adams]

> falk@juist:~% echo $((##))
> zsh: bad math expression: operator expected at `T\n^E ^A'
> 
> I also get "operator expected at `Œ'" sometimes. It seems to access
> uninitialized memory.

Can you track this down with gdb?

> This also makes a test fail:
> (http://buildd.debian.org/fetch.php?&pkg=zsh&ver=4.2.1-12&arch=alpha&stamp=1101580428&file=log&as=raw)
> 
> ./../Test/C01arith.ztst: starting.
> Test ../../Test/C01arith.ztst failed: bad status 1, expected 0 from:
>   print $((##))
> Error output:
> (eval):1: bad math expression: operator expected at `T\n^E ^A'
> Was testing: ## without following character
> ../../Test/C01arith.ztst: test failed.
> 
> I think you should have the build fail if a test fails.

Can't do this; at least one test fails on every architecture.

Re: Bug#283358: echo $((##)) overflows buffer

[Clint Adams]

>     Doesn't happen in 4.0.9... It always prints '0'. Should I try
> to set some option to reproduce?
> 
>     Raúl Núñez de Arenas Coronado

This is only happening on Alphas, it would seem.

Re: Bug#283358: echo $((##)) overflows buffer

[DervishD]

    Hi Clint and Falk :)

 * Clint Adams <schizo@debian.org> dixit:
> > falk@juist:~% echo $((##))
> > zsh: bad math expression: operator expected at `T\n^E ^A'

    Doesn't happen in 4.0.9... It always prints '0'. Should I try
to set some option to reproduce?

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.dervishd.net & http://www.pleyades.net/

Re: Bug#283358: echo $((##)) overflows buffer

[Peter Stephenson]

Clint Adams wrote:
> > falk@juist:~% echo $((##))
> > zsh: bad math expression: operator expected at `T\n^E ^A'

It's expecting a key string and getting just a null string.  I think
that's causing the buffer where the key should be written to be
uninitialised.  Presumably that can have direr effects when the pointer
has to be 64-bit aligned.

The following should trap the error before it gets to that stage.

% print $((##))
zsh: character missing after ##

Index: Src/math.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/math.c,v
retrieving revision 1.21
diff -u -r1.21 math.c
--- Src/math.c	16 Aug 2004 09:53:11 -0000	1.21
+++ Src/math.c	29 Nov 2004 11:54:28 -0000
@@ -451,6 +451,10 @@
 		    int v;
 
 		    ptr++;
+		    if (!*ptr) {
+			zerr("character missing after ##", NULL, 0);
+			return EOI;
+		    }
 		    ptr = getkeystring(ptr, NULL, 6, &v);
 		    yyval.u.l = v;
 		    return NUM;

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

Re: Bug#283358: echo $((##)) overflows buffer

[Clint Adams]

> The following should trap the error before it gets to that stage.
> 
> % print $((##))
> zsh: character missing after ##

Yup, now it's

../../Test/C01arith.ztst: starting.
Test ../../Test/C01arith.ztst failed: bad status 1, expected 0 from:
  print $((##))
Error output:
(eval):1: character missing after ##
Was testing: ## without following character
../../Test/C01arith.ztst: test failed.