From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-28946-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 17034 invoked by alias); 27 Mar 2011 18:41:53 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 28946
Received: (qmail 9004 invoked from network); 27 Mar 2011 18:41:40 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE
	autolearn=ham version=3.3.1
Received-SPF: pass (ns1.primenet.com.au: SPF record at ntlworld.com designates 81.103.221.58 as permitted sender)
Date: Sun, 27 Mar 2011 17:54:03 +0100
From: Peter Stephenson <p.w.stephenson@ntlworld.com>
To: zsh workers <zsh-workers@zsh.org>
Subject: Re: crash/memory corruption when completing dynamic named directory
Message-ID: <20110327175403.2df4c55b@pws-pc.ntlworld.com>
In-Reply-To: <AANLkTikdWthR-4CO5yvMLRZeM6fzw=jHRM_VCpXjbQdC@mail.gmail.com>
References: <AANLkTi=qwPYqiwCGVw=vkN75JUFntDDrLgiO-CjYQQH9@mail.gmail.com>
	<AANLkTi=DsVZv5J2m26e86XgaD3qJtRtWMfDdWEoh3baD@mail.gmail.com>
	<alpine.LNX.2.01.1103261818320.22141@hp>
	<AANLkTinOF8x4XY8dtiPUkN=MaAcnyN59a_9yujM5KQAo@mail.gmail.com>
	<AANLkTikdWthR-4CO5yvMLRZeM6fzw=jHRM_VCpXjbQdC@mail.gmail.com>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.0; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Cloudmark-Analysis: v=1.1 cv=R50lirqlHffDPPkwUlkuVa99MrvKdVWo//yz83qex8g= c=1 sm=0 a=UXBVTNJVEFIA:10 a=kj9zAlcOel0A:10 a=pGLkceISAAAA:8 a=NLZqzBF-AAAA:8 a=vy23_NXxkaUzvLCkHBwA:9 a=9kj_iXX8y3rVwRglMQwA:7 a=frhcV1yknH2RCPqIV_e5DhLObiMA:4 a=CjuIK1q_8ugA:10 a=MSl-tDqOz04A:10 a=_dQi-Dcv4p4A:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117

On Sun, 27 Mar 2011 13:37:01 +0200
Mikael Magnusson <mikachu@gmail.com> wrote:
> > pws, afaict, only the first little bit of zlemetaline is needed for
> > this, ie the outcs calculation. Would it be okay to split this out to
> > a separate function and call that from get_cursor and stringaszleline?
> > Otherwise we have to copy zlemetaline first and then run
> > stringaszleline, and discard all that work, which seems silly. Or does
> > outcs actually depend on the conversion too? There's a comment that
> > suggests it doesn't, but there are some assignments to it further
> > down.

I think that would be OK.  The focus of the conversion stuff when it was
written was to be effective rather than efficient, so there are no doubt
lots of optimisations of this sort.

> Here's a patch for copying the string and doing all the work, which
> I've confirmed fixes the issue.
> 
> diff --git a/Src/Zle/zle_params.c b/Src/Zle/zle_params.c
> index 98091b2..2c35874 100644
> --- a/Src/Zle/zle_params.c
> +++ b/Src/Zle/zle_params.c
> @@ -233,8 +233,10 @@ get_cursor(UNUSED(Param pm))
>  	/* A lot of work for one number, but still... */
>  	ZLE_STRING_T tmpline;
>  	int tmpcs, tmpll, tmpsz;
> -	tmpline = stringaszleline(zlemetaline, zlemetacs,
> +	char *tmpmetaline = ztrdup(zlemetaline);
> +	tmpline = stringaszleline(tmpmetaline, zlemetacs,
>  				  &tmpll, &tmpsz, &tmpcs);
> +	free(tmpmetaline);
>  	free(tmpline);
>  	return tmpcs;
>      }

Thanks, I'll commit this.

-- 
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/