* segfault completing "foo$"
@ 2007-08-22 16:02 Clint Adams
2007-08-22 16:54 ` Peter Stephenson
0 siblings, 1 reply; 2+ messages in thread
From: Clint Adams @ 2007-08-22 16:02 UTC
To: zsh-workers
Type "foo$"<TAB><TAB><TAB> (1-3 tabs, depending on setup, I think) to segfault zsh.
#0 0x00002b994d4b47d3 in memcpy () from /lib/libc.so.6
#1 0x000000000046c6ba in dupstrpfx (s=0x77fea1 "foo$\"_", len=<value optimized out>) at ../../Src/string.c:146
#2 0x00002b994e210e37 in do_single (m=0x75f170) at ../../../Src/Zle/compresult.c:1154
#3 0x00002b994e211dda in do_ambig_menu () at ../../../Src/Zle/compresult.c:1403
#4 0x00002b994e211925 in do_ambiguous () at ../../../Src/Zle/compresult.c:767
#5 0x00002b994e2079ed in do_completion (dummy=<value optimized out>, dat=<value optimized out>) at ../../../Src/Zle/compcore.c:401
#6 0x00002b994dfddcf3 in docompletion (s=<value optimized out>, lst=<value optimized out>, incmd=-8)
at ../../../Src/Zle/zle_tricky.c:2035
#7 0x00002b994dfe1022 in docomplete (lst=3) at ../../../Src/Zle/zle_tricky.c:842
#8 0x00002b994dfdbdb0 in completecall (args=<value optimized out>) at ../../../Src/Zle/zle_tricky.c:208
#9 0x00002b994dfd08a6 in execzlefunc (func=0x2b994e1ee4f0, args=0x2b994e1f3440, set_bindk=0) at ../../../Src/Zle/zle_main.c:1254
#10 0x00002b994dfd0a9d in zlecore () at ../../../Src/Zle/zle_main.c:1019
#11 0x00002b994dfd10db in zleread (lp=<value optimized out>, rp=<value optimized out>, flags=<value optimized out>,
context=<value optimized out>) at ../../../Src/Zle/zle_main.c:1174
#12 0x000000000043d080 in ingetc () at ../../Src/input.c:278
#13 0x0000000000437f1a in ihgetc () at ../../Src/hist.c:240
#14 0x0000000000445a5b in gettok () at ../../Src/lex.c:630
#15 0x0000000000446258 in yylex () at ../../Src/lex.c:345
#16 0x0000000000461867 in parse_event () at ../../Src/parse.c:451
#17 0x000000000043baa8 in loop (toplevel=1, justonce=0) at ../../Src/init.c:128
#18 0x000000000043c80c in zsh_main (argc=<value optimized out>, argv=0x7fff5e183d58) at ../../Src/init.c:1347
#19 0x00002b994d457b44 in __libc_start_main () from /lib/libc.so.6
#20 0x000000000040f5b9 in _start ()
* Re: segfault completing "foo$"
2007-08-22 16:02 segfault completing "foo$" Clint Adams
@ 2007-08-22 16:54 ` Peter Stephenson
0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2007-08-22 16:54 UTC
To: zsh-workers
On Wed, 22 Aug 2007 12:02:37 -0400
Clint Adams <clint@zsh.org> wrote:
> Type "foo$"<TAB><TAB><TAB> (1-3 tabs, depending on setup, I think) to
> segfault zsh.
That's never been properly handled, I don't think, but in 4.2 it didn't
cause a segfault, simply assigned a duff number in the parameter suffix
table. The code implies that could do dire things later on, but I don't
know if it did. Now we actually use the invalid value for creating a
prefix string to analyse, which causes the crash. I think the immediate
fix is simply "don't do that". I don't think parameter completion should
even be active in this case, but there's no way I'm going down that route.
This parq business is in the "not even obscure" category.
Index: Src/Zle/compresult.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Zle/compresult.c,v
retrieving revision 1.71
diff -u -r1.71 compresult.c
--- Src/Zle/compresult.c 28 May 2007 13:08:48 -0000 1.71
+++ Src/Zle/compresult.c 22 Aug 2007 16:47:57 -0000
@@ -1148,7 +1148,7 @@
makesuffixstr(m->remf, m->rems, 1);
}
}
- if (minfo.we && partest && isset(AUTOPARAMKEYS)) {
+ if (minfo.we && partest && isset(AUTOPARAMKEYS) && minfo.insc - parq > 0) {
/* the suffix code needs numbers of characters, not octets */
int outlen;
char *tmpstr = dupstrpfx(zlemetaline + parq, minfo.insc - parq);
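Review bot: The added test minfo.insc - parq > 0 on the if line only guarantees a positive length for dupstrpfx; it does not check that parq is itself a valid offset, so zlemetaline + parq can still point outside the line when parq holds an invalid value. Consider also bounding parq (for example parq >= 0) or rejecting the bad value where it is assigned, and add a short comment saying why the length can be non-positive here, since the existing comment only covers the characters-versus-octets point.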
--
Peter Stephenson <pws@csr.com> Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070
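An added illustration of the kind of failure the new minfo.insc - parq > 0 test guards against (not code from zsh or from either poster): a length formed as the difference of two offsets, passed unchecked as a copy size, next to a helper that validates both offsets first. The names dup_prefix_checked, as_copy_size, start and end are hypothetical; start and end play the roles of parq and minfo.insc in the patched call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What a signed offset difference becomes when it reaches memcpy's size_t
 * parameter without a check. A negative int wraps to an enormous count. */
size_t as_copy_size(int start, int end)
{
    return (size_t)(end - start);
}

/* Hypothetical checked helper (not zsh's dupstrpfx): duplicates
 * line[start..end) only if both offsets lie inside the line and the
 * range is non-empty. Returns NULL otherwise; caller frees the result. */
char *dup_prefix_checked(const char *line, int line_len, int start, int end)
{
    size_t n;
    char *r;

    /* Validate the offsets before any pointer arithmetic on line. */
    if (start < 0 || end < 0 || start > line_len || end > line_len)
        return NULL;
    /* Same shape as the patch's test: the length must be positive. */
    if (end - start <= 0)
        return NULL;
    n = (size_t)(end - start);
    r = malloc(n + 1);
    if (r == NULL)
        return NULL;
    memcpy(r, line + start, n);
    r[n] = '\0';
    return r;
}

int main(void)
{
    const char line[] = "foo$";          /* constructed sample input */
    int len = (int)strlen(line);
    char *ok = dup_prefix_checked(line, len, 0, 3);
    char *bad = dup_prefix_checked(line, len, 5, 4);  /* start past end */

    printf("unchecked size for (5,4): %zu\n", as_copy_size(5, 4));
    printf("checked (0,3): %s\n", ok ? ok : "(rejected)");
    printf("checked (5,4): %s\n", bad ? bad : "(rejected)");
    free(ok);
    free(bad);
    return 0;
}
```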