From: Peter Stephenson
To: DragonK
cc: zsh-workers@sunsite.dk
Subject: Re: Buffer overflow in "!" handling?
Date: Wed, 25 Feb 2009 11:42:47 +0000
Message-Id: <200902251142.n1PBgmEU011362@news01.csr.com>
X-Seq: 26604

DragonK wrote:
> > You're right, that's nasty. See if you can get it to happen with this...
>
> I've applied the patch and it seems to work now; as far as I
> understand from the comments in mem.c, memory allocated with zhalloc()
> doesn't need to be explicitly free()d, right?

Yes, that's correct; the heap of memory is popped in one go when we return to the top level of processing.

The hrealloc() is a bit of a hack... we're not really reallocating heap most of the time, we're just allocating more somewhere else, but from the API point of view it's the simplest thing to do in the rare cases where we really need more than 256 words.

Thanks for looking.

-- 
Peter Stephenson
Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK
Tel: +44 (0)1223 692070
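
The allocation pattern discussed in this message, as an added example that is not part of the original e-mail and is not zsh's code: a small arena whose blocks are released by a single pop, a "realloc" that allocates a new block elsewhere and copies, and a word list that starts at 256 slots and grows instead of being written past its end. All names (`arena_alloc`, `arena_realloc`, `arena_pop`, `collect_words`), the 4096-byte chunk size and the doubling policy are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Illustrative arena; every name here is hypothetical, not zsh's. */
typedef struct chunk { struct chunk *next; size_t used, cap; } chunk;
typedef struct { chunk *head; } arena;
/* Bump-allocate n bytes; blocks are never freed one at a time. */
void *arena_alloc(arena *a, size_t n) {
    if (n > (size_t)-1 / 2) return NULL;               /* reject absurd sizes */
    n = (n + sizeof(void *) - 1) & ~(sizeof(void *) - 1);
    if (!a->head || a->head->cap - a->head->used < n) {
        size_t cap = n > 4096 ? n : 4096;
        chunk *c = malloc(sizeof *c + cap);
        if (!c) return NULL;
        c->next = a->head; c->used = 0; c->cap = cap; a->head = c;
    }
    a->head->used += n;
    return (char *)(a->head + 1) + a->head->used - n;
}
/* "Realloc": a new block elsewhere plus a copy; the old one waits for the pop. */
void *arena_realloc(arena *a, void *old, size_t oldn, size_t newn) {
    void *p = arena_alloc(a, newn);
    if (p && old) memcpy(p, old, oldn < newn ? oldn : newn);
    return p;
}
/* Release every chunk in one go; returns how many were freed. */
size_t arena_pop(arena *a) {
    size_t n = 0;
    for (chunk *c = a->head, *next; c; c = next, n++) { next = c->next; free(c); }
    a->head = NULL;
    return n;
}
/* Store count words: 256 slots first, doubled when full. Returns capacity or 0. */
size_t collect_words(arena *a, size_t count, const char ***out) {
    size_t cap = 256;
    const char **w = arena_alloc(a, cap * sizeof *w);
    for (size_t i = 0; w && i < count; i++) {
        if (i == cap) {                                /* check before writing w[i] */
            w = arena_realloc(a, w, cap * sizeof *w, 2 * cap * sizeof *w);
            cap *= 2;
        }
        if (w) w[i] = "word";                          /* constructed sample data */
    }
    *out = w;
    return w ? cap : 0;
}
int main(void) {
    arena a = {0}; const char **w;
    size_t cap = collect_words(&a, 1000, &w);          /* 256 -> 512 -> 1024 */
    return !(cap == 1024 && arena_pop(&a) > 0);        /* one pop, no free() per block */
}
```

The outgrown 256-slot and 512-slot blocks stay allocated until `arena_pop` runs, which is the cost of treating reallocation as "allocate more somewhere else".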