* buffer overflow detected ***: ../Src/zsh terminated
@ 2007-03-30 14:01 Alexey Tourbin
2007-04-01 19:29 ` Alexey Tourbin
0 siblings, 1 reply; 4+ messages in thread
From: Alexey Tourbin @ 2007-03-30 14:01 UTC (permalink / raw)
To: zsh-workers
[-- Attachment #1: Type: text/plain, Size: 1146 bytes --]
Hello,
Here is what happens with most recent zsh snapshot.
./D07multibyte.ztst: starting.
Testing multibyte with locale en_US.UTF-8
*** buffer overflow detected ***: ../Src/zsh terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x401552a1]
/lib/libc.so.6[0x40154ae8]
/lib/libc.so.6(_IO_default_xsputn+0xa7)[0x400e9407]
/lib/libc.so.6(_IO_vfprintf+0x1a07)[0x400c4697]
/lib/libc.so.6(__vsprintf_chk+0xab)[0x40154b9b]
/lib/libc.so.6(__sprintf_chk+0x30)[0x40154ad0]
../Src/zsh[0x80a5a97]
../Src/zsh[0x80a969b]
../Src/zsh(prefork+0x69)[0x80ab309]
../Src/zsh[0x80671f0]
../Src/zsh[0x80692e9]
../Src/zsh[0x80696c9]
../Src/zsh(execlist+0x33a)[0x806a39a]
../Src/zsh(execfor+0x21e)[0x808592e]
../Src/zsh[0x8068442]
../Src/zsh[0x8069574]
../Src/zsh[0x80696c9]
../Src/zsh(execlist+0x33a)[0x806a39a]
../Src/zsh(execode+0x3a)[0x806a65a]
../Src/zsh(bin_eval+0x88)[0x8053e08]
../Src/zsh(execbuiltin+0x5a3)[0x805b733]
../Src/zsh[0x8068e9a]
../Src/zsh[0x80692e9]
../Src/zsh[0x80696c9]
../Src/zsh(execlist+0x33a)[0x806a39a]
../Src/zsh(execode+0x3a)[0x806a65a]
../Src/zsh(runshfunc+0xd1)[0x806a741]
../Src/zsh(doshfunc+0x34e)[0x806aabe]
[...]
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated
2007-03-30 14:01 buffer overflow detected ***: ../Src/zsh terminated Alexey Tourbin
@ 2007-04-01 19:29 ` Alexey Tourbin
2007-04-02 10:48 ` Peter Stephenson
0 siblings, 1 reply; 4+ messages in thread
From: Alexey Tourbin @ 2007-04-01 19:29 UTC (permalink / raw)
To: zsh-workers
[-- Attachment #1: Type: text/plain, Size: 654 bytes --]
On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote:
> Here is what happens with most recent zsh snapshot.
>
> ./D07multibyte.ztst: starting.
> Testing multibyte with locale en_US.UTF-8
> *** buffer overflow detected ***: ../Src/zsh terminated
git-bisect blames this change:
commit c28114a1fadd68432443c3a4b3822efdd11dbad2
Author: Peter Stephenson
Date: Sat Feb 10 22:12:59 2007 +0000
fix metafication of ${(#)x}
---
ChangeLog | 6 ++++++
Src/subst.c | 12 ++++++++----
Test/D07multibyte.ztst | 32 ++++++++++++++++++++++++++++++++
3 files changed, 46 insertions(+), 4 deletions(-)
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated
2007-04-01 19:29 ` Alexey Tourbin
@ 2007-04-02 10:48 ` Peter Stephenson
2007-04-03 10:47 ` Alexey Tourbin
0 siblings, 1 reply; 4+ messages in thread
From: Peter Stephenson @ 2007-04-02 10:48 UTC (permalink / raw)
To: zsh-workers
Alexey Tourbin <at@altlinux.ru> wrote:
> On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote:
> > Here is what happens with most recent zsh snapshot.
> >
> > ./D07multibyte.ztst: starting.
> > Testing multibyte with locale en_US.UTF-8
> > *** buffer overflow detected ***: ../Src/zsh terminated
>
> git-bisect blames this change:
>
> commit c28114a1fadd68432443c3a4b3822efdd11dbad2
> Author: Peter Stephenson
> Date: Sat Feb 10 22:12:59 2007 +0000
>
> fix metafication of ${(#)x}
It might wll be this stupidity. I can't rely on the number of digits
in an unsigned int, hence I've added the "&", too.
Index: Src/subst.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/subst.c,v
retrieving revision 1.76
diff -u -r1.76 subst.c
--- Src/subst.c 25 Feb 2007 23:41:04 -0000 1.76
+++ Src/subst.c 2 Apr 2007 10:46:07 -0000
@@ -1199,10 +1199,11 @@
return NULL;
#ifdef MULTIBYTE_SUPPORT
if (isset(MULTIBYTE) && ires > 127) {
- char buf[10];
+ /* '\\' + 'U' + 8 bytes of character + '\0' */
+ char buf[11];
/* inefficient: should separate out \U handling from getkeystring */
- sprintf(buf, "\\U%.8x", (unsigned int)ires);
+ sprintf(buf, "\\U%.8x", (unsigned int)ires & 0xFFFFFFFFu);
ptr = getkeystring(buf, &len, GETKEYS_BINDKEY, NULL);
}
if (len == 0)
--
Peter Stephenson <pws@csr.com> Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070
To access the latest news from CSR copy this link into a web browser: http://www.csr.com/email_sig.php
To get further information regarding CSR, please visit our Investor Relations page at http://ir.csr.com/csr/about/overview
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated
2007-04-02 10:48 ` Peter Stephenson
@ 2007-04-03 10:47 ` Alexey Tourbin
0 siblings, 0 replies; 4+ messages in thread
From: Alexey Tourbin @ 2007-04-03 10:47 UTC (permalink / raw)
To: zsh-workers
[-- Attachment #1: Type: text/plain, Size: 435 bytes --]
On Mon, Apr 02, 2007 at 11:48:16AM +0100, Peter Stephenson wrote:
> > git-bisect blames this change:
> >
> > commit c28114a1fadd68432443c3a4b3822efdd11dbad2
> > Author: Peter Stephenson
> > Date: Sat Feb 10 22:12:59 2007 +0000
> >
> > fix metafication of ${(#)x}
>
> It might wll be this stupidity. I can't rely on the number of digits
> in an unsigned int, hence I've added the "&", too.
Thanks, it works now.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-04-03 10:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-03-30 14:01 buffer overflow detected ***: ../Src/zsh terminated Alexey Tourbin
2007-04-01 19:29 ` Alexey Tourbin
2007-04-02 10:48 ` Peter Stephenson
2007-04-03 10:47 ` Alexey Tourbin
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).