From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-30127-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 7862 invoked by alias); 26 Jan 2012 20:57:16 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 30127
Received: (qmail 22236 invoked from network); 26 Jan 2012 20:57:13 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.2
Received-SPF: neutral (ns1.primenet.com.au: 74.125.82.171 is neither permitted nor denied by SPF record at ntlworld.com)
X-ProxyUser-IP: 86.6.29.42
Date: Thu, 26 Jan 2012 20:57:02 +0000
From: Peter Stephenson <p.w.stephenson@ntlworld.com>
To: zsh-workers@zsh.org
Subject: Re: Obscure zsh history overflow with segfault
Message-ID: <20120126205702.6c3e2ab2@pws-pc.ntlworld.com>
In-Reply-To: <120124122819.ZM31632@torch.brasslantern.com>
References: <87ty3q5ffx.fsf@gmail.com>
	<20120121023957.GA2643@daniel3.local>
	<120124122819.ZM31632@torch.brasslantern.com>
X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.7; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 24 Jan 2012 12:28:19 -0800
Bart Schaefer <schaefer@brasslantern.com> wrote:

> On Jan 21,  4:39am, Daniel Shahaf wrote:
> }
> } Apparently, 'r 100 foo' should re-execute the portion of your history
> } from event #100 to event 'foo'.
> } 
> } Sounds like a bad idea...
> 
> Interesting.  Here we are:
> 
> 1516                /*
> 1517                 * Nasty behaviour results if we use the current history
> 1518                 * line here.  Treat it as if it doesn't exist, unless
> 1519                 * that gives us an empty range.
> 1520                 */
> 1521                if (last >= curhist) {
> 1522                    last = curhist - 1;
> 1523                    if (first > last) {
> 1524                        unqueue_signals();
> 1525                        zwarnnam("fc",
> 1526                          "current history line would recurse endlessly, aborted");
> 1527                        fclose(out);
> 1528                        unlink(fil);
> 1529                        return 1;
> 1530                    }
> 1531                }
> 
> In the situation in this bug, first > last is true but last >= curhist
> is false.  I believe that means that even though this is an infinite
> loop, we don't detect that it will be.

I'm not really following the problem, but do you mean something like
this?

Index: Src/builtin.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/builtin.c,v
retrieving revision 1.254
diff -p -u -r1.254 builtin.c
--- Src/builtin.c	29 Aug 2011 17:21:40 -0000	1.254
+++ Src/builtin.c	26 Jan 2012 20:56:28 -0000
@@ -1652,6 +1652,12 @@ fclist(FILE *f, Options ops, zlong first
 	last = first;
 	first = tmp;
     }
+    if (first > last) {
+	zwarnnam("fc", "history events are in wrong order, aborted");
+	if (f != stdout)
+	    fclose(f);
+	return 1;
+    }
     /* suppress "no substitution" warning if no substitution is requested */
     if (!subs)
 	fclistdone = 1;

-- 
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/