From: Peter Stephenson <p.w.stephenson@ntlworld.com>
To: "Zsh Hackers' List" <zsh-workers@zsh.org>
Subject: Re: zsh 4.3.13 released
Date: Sat, 3 Dec 2011 22:56:10 +0000
Message-ID: <20111203225610.2d32f20a@pws-pc.ntlworld.com>
In-Reply-To: <20111203221953.GA18173@coredump.raveland.priv>
On Sat, 3 Dec 2011 23:19:54 +0100
ports@raveland.org wrote:
> % zmodload -i bogus/notamodule
> Segmentation fault (core dumped)
>....
> #0 0x000000000048f5bc in metafy (buf=0x207a096d7 "File not found", len=14, heap=1) at utils.c:4006
> 4006 *e = '\0';
> (gdb) bt
> #0 0x000000000048f5bc in metafy (buf=0x207a096d7 "File not found", len=14, heap=1) at utils.c:4006
heap=1 is META_USEHEAP: "get memory from the heap. This leaves buf
unchanged." However, the function unconditionally attempts to add null
termination. A defence lawyer could probably claim that adding a null
when there was one already there wasn't actually modification. Not sure
how we've avoided seeing this before.
It seems some parts of the code are relying on the fact that the NULL
gets added even if the string doesn't need metafying. Treating the
absence of NULL termination as a reason for modifying the buffer was the
neatest of the three fixes I came up with.
Index: Src/utils.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/utils.c,v
retrieving revision 1.264
diff -p -u -r1.264 utils.c
--- Src/utils.c 15 Nov 2011 15:08:57 -0000 1.264
+++ Src/utils.c 3 Dec 2011 22:51:19 -0000
@@ -3959,7 +3959,7 @@ metafy(char *buf, int len, int heap)
if (imeta(*e++))
meta++;
- if (meta || heap == META_DUP || heap == META_HEAPDUP) {
+ if (meta || heap == META_DUP || heap == META_HEAPDUP || *e != '\0') {
switch (heap) {
case META_REALLOC:
buf = zrealloc(buf, len + meta + 1);
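Review bot: The new "*e != '\0'" test in the if condition reads the byte just past the scanned characters before any reallocation has happened, so every caller now has to guarantee that byte is readable, including callers that pass a counted buffer with no terminator. That precondition should be stated in the comment above metafy(), next to the META_USEHEAP wording about leaving buf unchanged. It is also worth confirming that every case of the switch copes with meta == 0, since the block can now be entered with nothing to metafy; the visible META_REALLOC case does, because len + meta + 1 still leaves room for the terminator.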
@@ -4002,8 +4002,8 @@ metafy(char *buf, int len, int heap)
meta--;
}
}
+ *e = '\0';
}
- *e = '\0';
return buf;
}
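Review bot: With "*e = '\0';" moved inside the block, nothing at this line records why the store has to stay there, and a later cleanup could easily hoist it back out in front of "return buf;". A short comment here, saying that on the unmodified path buf may belong to the caller and must not be written, would keep the reason next to the code. The path that skips the block now returns buf relying entirely on the terminator check added to the condition in the first hunk, so the two changes need to be kept together.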
--
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/
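
Added example, not part of the original message and not zsh's code: a simplified C model of the rule the patch adopts, where a missing terminator counts as a reason to modify, and the terminating store only ever lands in memory the function allocated. The names escape_buf, MODE_USEHEAP, MODE_DUP and ESC, and the "bytes >= 0x80 are special" rule, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for this sketch; not zsh's definitions. */
enum { MODE_USEHEAP = 1, MODE_DUP = 2 };
#define ESC ((char)0x83)                 /* constructed escape marker */
static int special(char c) { return (unsigned char)c >= 0x80; }

/*
 * Escape special bytes in buf[0..len). Precondition: buf[len] is readable.
 * The caller's buffer is never written: if nothing needs escaping and it is
 * already terminated it is returned as-is, otherwise a fresh copy is built.
 */
char *escape_buf(char *buf, size_t len, int mode)
{
    size_t i, extra = 0;
    char *out, *p;

    for (i = 0; i < len; i++)
        extra += special(buf[i]);

    /* A missing terminator counts as "needs modifying", as in the patch. */
    if (!extra && mode != MODE_DUP && buf[len] == '\0')
        return buf;

    if (!(out = p = malloc(len + extra + 1)))
        return NULL;
    for (i = 0; i < len; i++) {
        if (special(buf[i])) {
            *p++ = ESC;
            *p++ = (char)(buf[i] ^ 32);
        } else {
            *p++ = buf[i];
        }
    }
    *p = '\0';            /* the store only ever lands in our own allocation */
    return out;
}

int main(void)
{
    static const char ro[] = "File not found";   /* constructed read-only input */
    char *r = escape_buf((char *)ro, 14, MODE_USEHEAP);
    printf("%s (%s)\n", r, r == ro ? "caller's buffer, untouched" : "copy");
    return 0;
}
```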