Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
X-Seq: 23257
Date: Mon, 2 Apr 2007 11:48:16 +0100
From: Peter Stephenson
To: zsh-workers@sunsite.dk
Subject: Re: buffer overflow detected ***: ../Src/zsh terminated
Message-Id: <20070402114816.5ececb9e.pws@csr.com>
In-Reply-To: <20070401192942.GP29754@solemn.turbinal>
References: <20070330140145.GA29754@solemn.turbinal> <20070401192942.GP29754@solemn.turbinal>

Alexey Tourbin wrote:
> On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote:
> > Here is what happens with most recent zsh snapshot.
> >
> > ./D07multibyte.ztst: starting.
> > Testing multibyte with locale en_US.UTF-8
> > *** buffer overflow detected ***: ../Src/zsh terminated
>
> git-bisect blames this change:
>
> commit c28114a1fadd68432443c3a4b3822efdd11dbad2
> Author: Peter Stephenson
> Date: Sat Feb 10 22:12:59 2007 +0000
>
> fix metafication of ${(#)x}

It might well be this stupidity. I can't rely on the number of digits in an unsigned int, hence I've added the "&", too.

Index: Src/subst.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/subst.c,v retrieving revision 1.76 diff -u -r1.76 subst.c --- Src/subst.c 25 Feb 2007 23:41:04 -0000 1.76 +++ Src/subst.c 2 Apr 2007 10:46:07 -0000 
@@ -1199,10 +1199,11 @@ return NULL; #ifdef MULTIBYTE_SUPPORT if (isset(MULTIBYTE) && ires > 127) { - char buf[10]; + /* '\\' + 'U' + 8 bytes of character + '\0' */ + char buf[11]; /* inefficient: should separate out \U handling from getkeystring */ - sprintf(buf, "\\U%.8x", (unsigned int)ires); + sprintf(buf, "\\U%.8x", (unsigned int)ires & 0xFFFFFFFFu); ptr = getkeystring(buf, &len, GETKEYS_BINDKEY, NULL); } if (len == 0) -- Peter Stephenson Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070 To access the latest news from CSR copy this link into a web browser: http://www.csr.com/email_sig.php To get further information regarding CSR, please visit our Investor Relations page at http://ir.csr.com/csr/about/overview
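
Review bot: the sprintf into buf in the MULTIBYTE_SUPPORT branch is still unbounded, so the new size of 11 is safe only while the hand count in the added comment stays in step with the format string. Using snprintf(buf, sizeof(buf), "\\U%.8x", ...) would make any future miscount truncate instead of writing past the array, which is what buf[10] did with the terminating NUL (2 + 8 + 1 = 11 bytes). Note also that %.8x sets a minimum of eight digits, not a maximum, so the & 0xFFFFFFFFu mask is what actually caps the output at eight hex digits on platforms where unsigned int is wider than 32 bits; the comment should say so, and "8 bytes of character" would read more accurately as "8 hex digits".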