Date: Wed, 22 Aug 2007 17:54:23 +0100
From: Peter Stephenson
To: zsh-workers@sunsite.dk
Subject: Re: segfault completing "foo$"
Message-ID: <20070822175423.0c7aee72@news01.csr.com>
In-Reply-To: <20070822160237.GA23377@scowler.net>
References: <20070822160237.GA23377@scowler.net>

On Wed, 22 Aug 2007 12:02:37 -0400
Clint Adams wrote:
> Type "foo$" (1-3 tabs, depending on setup, I think) to
> segfault zsh.

That's never been properly handled, I don't think, but in 4.2 it didn't cause a segfault, simply assigned a duff number in the parameter suffix table. The code implies that could do dire things later on, but I don't know if it did. Now we actually use the invalid value for creating a prefix string to analyse, which causes the crash.

I think the immediate fix is simply "don't do that". I don't think parameter completion should even be active in this case, but there's no way I'm going down that route. This parq business is in the "not even obscure" category.

Index: Src/Zle/compresult.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/Zle/compresult.c,v retrieving revision 1.71 diff -u -r1.71 compresult.c --- Src/Zle/compresult.c 28 May 2007 13:08:48 -0000 1.71 +++ Src/Zle/compresult.c 22 Aug 2007 16:47:57 -0000
@@ -1148,7 +1148,7 @@ makesuffixstr(m->remf, m->rems, 1); } } - if (minfo.we && partest && isset(AUTOPARAMKEYS)) { + if (minfo.we && partest && isset(AUTOPARAMKEYS) && minfo.insc - parq > 0) { /* the suffix code needs numbers of characters, not octets */ int outlen; char *tmpstr = dupstrpfx(zlemetaline + parq, minfo.insc - parq); -- Peter Stephenson Software Engineer CSR PLC, Churchill House, Cambridge Business Park, Cowley Road Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070 .
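Review bot: the added `minfo.insc - parq > 0` test in the `if` condition bounds only the length argument of dupstrpfx(), not parq itself, which is still used unchecked as the offset in `zlemetaline + parq`. If parq can hold an invalid value that is negative, the difference stays positive, the condition passes, and the pointer starts before the buffer, so consider also requiring `parq >= 0` here or resetting parq at the point where it becomes invalid. A short comment on the condition naming the case it excludes (no parameter text between parq and minfo.insc) would help, and the condition line now runs past 80 columns and could be wrapped.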