* buffer overflow detected ***: ../Src/zsh terminated @ 2007-03-30 14:01 Alexey Tourbin 2007-04-01 19:29 ` Alexey Tourbin 0 siblings, 1 reply; 4+ messages in thread From: Alexey Tourbin @ 2007-03-30 14:01 UTC (permalink / raw) To: zsh-workers [-- Attachment #1: Type: text/plain, Size: 1146 bytes --] Hello, Here is what happens with most recent zsh snapshot. ./D07multibyte.ztst: starting. Testing multibyte with locale en_US.UTF-8 *** buffer overflow detected ***: ../Src/zsh terminated ======= Backtrace: ========= /lib/libc.so.6(__chk_fail+0x41)[0x401552a1] /lib/libc.so.6[0x40154ae8] /lib/libc.so.6(_IO_default_xsputn+0xa7)[0x400e9407] /lib/libc.so.6(_IO_vfprintf+0x1a07)[0x400c4697] /lib/libc.so.6(__vsprintf_chk+0xab)[0x40154b9b] /lib/libc.so.6(__sprintf_chk+0x30)[0x40154ad0] ../Src/zsh[0x80a5a97] ../Src/zsh[0x80a969b] ../Src/zsh(prefork+0x69)[0x80ab309] ../Src/zsh[0x80671f0] ../Src/zsh[0x80692e9] ../Src/zsh[0x80696c9] ../Src/zsh(execlist+0x33a)[0x806a39a] ../Src/zsh(execfor+0x21e)[0x808592e] ../Src/zsh[0x8068442] ../Src/zsh[0x8069574] ../Src/zsh[0x80696c9] ../Src/zsh(execlist+0x33a)[0x806a39a] ../Src/zsh(execode+0x3a)[0x806a65a] ../Src/zsh(bin_eval+0x88)[0x8053e08] ../Src/zsh(execbuiltin+0x5a3)[0x805b733] ../Src/zsh[0x8068e9a] ../Src/zsh[0x80692e9] ../Src/zsh[0x80696c9] ../Src/zsh(execlist+0x33a)[0x806a39a] ../Src/zsh(execode+0x3a)[0x806a65a] ../Src/zsh(runshfunc+0xd1)[0x806a741] ../Src/zsh(doshfunc+0x34e)[0x806aabe] [...] [-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated 2007-03-30 14:01 buffer overflow detected ***: ../Src/zsh terminated Alexey Tourbin @ 2007-04-01 19:29 ` Alexey Tourbin 2007-04-02 10:48 ` Peter Stephenson 0 siblings, 1 reply; 4+ messages in thread From: Alexey Tourbin @ 2007-04-01 19:29 UTC (permalink / raw) To: zsh-workers [-- Attachment #1: Type: text/plain, Size: 654 bytes --] On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote: > Here is what happens with most recent zsh snapshot. > > ./D07multibyte.ztst: starting. > Testing multibyte with locale en_US.UTF-8 > *** buffer overflow detected ***: ../Src/zsh terminated git-bisect blames this change: commit c28114a1fadd68432443c3a4b3822efdd11dbad2 Author: Peter Stephenson Date: Sat Feb 10 22:12:59 2007 +0000 fix metafication of ${(#)x} --- ChangeLog | 6 ++++++ Src/subst.c | 12 ++++++++---- Test/D07multibyte.ztst | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 4 deletions(-) [-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated 2007-04-01 19:29 ` Alexey Tourbin @ 2007-04-02 10:48 ` Peter Stephenson 2007-04-03 10:47 ` Alexey Tourbin 0 siblings, 1 reply; 4+ messages in thread From: Peter Stephenson @ 2007-04-02 10:48 UTC (permalink / raw) To: zsh-workers Alexey Tourbin <at@altlinux.ru> wrote: > On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote: > > Here is what happens with most recent zsh snapshot. > > > > ./D07multibyte.ztst: starting. > > Testing multibyte with locale en_US.UTF-8 > > *** buffer overflow detected ***: ../Src/zsh terminated > > git-bisect blames this change: > > commit c28114a1fadd68432443c3a4b3822efdd11dbad2 > Author: Peter Stephenson > Date: Sat Feb 10 22:12:59 2007 +0000 > > fix metafication of ${(#)x} It might wll be this stupidity. I can't rely on the number of digits in an unsigned int, hence I've added the "&", too. Index: Src/subst.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/subst.c,v retrieving revision 1.76 diff -u -r1.76 subst.c --- Src/subst.c 25 Feb 2007 23:41:04 -0000 1.76 +++ Src/subst.c 2 Apr 2007 10:46:07 -0000 @@ -1199,10 +1199,11 @@ return NULL; #ifdef MULTIBYTE_SUPPORT if (isset(MULTIBYTE) && ires > 127) { - char buf[10]; + /* '\\' + 'U' + 8 bytes of character + '\0' */ + char buf[11]; /* inefficient: should separate out \U handling from getkeystring */ - sprintf(buf, "\\U%.8x", (unsigned int)ires); + sprintf(buf, "\\U%.8x", (unsigned int)ires & 0xFFFFFFFFu); ptr = getkeystring(buf, &len, GETKEYS_BINDKEY, NULL); } if (len == 0) -- Peter Stephenson <pws@csr.com> Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070 To access the latest news from CSR copy this link into a web browser: http://www.csr.com/email_sig.php To get further information regarding CSR, please visit our Investor Relations page at http://ir.csr.com/csr/about/overview ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: buffer overflow detected ***: ../Src/zsh terminated 2007-04-02 10:48 ` Peter Stephenson @ 2007-04-03 10:47 ` Alexey Tourbin 0 siblings, 0 replies; 4+ messages in thread From: Alexey Tourbin @ 2007-04-03 10:47 UTC (permalink / raw) To: zsh-workers [-- Attachment #1: Type: text/plain, Size: 435 bytes --] On Mon, Apr 02, 2007 at 11:48:16AM +0100, Peter Stephenson wrote: > > git-bisect blames this change: > > > > commit c28114a1fadd68432443c3a4b3822efdd11dbad2 > > Author: Peter Stephenson > > Date: Sat Feb 10 22:12:59 2007 +0000 > > > > fix metafication of ${(#)x} > > It might wll be this stupidity. I can't rely on the number of digits > in an unsigned int, hence I've added the "&", too. Thanks, it works now. [-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-04-03 10:47 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2007-03-30 14:01 buffer overflow detected ***: ../Src/zsh terminated Alexey Tourbin 2007-04-01 19:29 ` Alexey Tourbin 2007-04-02 10:48 ` Peter Stephenson 2007-04-03 10:47 ` Alexey Tourbin
Code repositories for project(s) associated with this public inbox https://git.vuxu.org/mirror/zsh/ This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).