Date: Mon, 29 Dec 2014 00:57:00 +0000
From: Daniel Shahaf
To: Peter Stephenson
Cc: zsh-workers@zsh.org
Subject: Re: Complex config triggering Segfault in pattern matching code.
Message-ID: <20141229005700.GB1737@tarsus.local2>

Peter Stephenson wrote on Thu, Dec 18, 2014 at 19:09:24 +0000:
> @@ -450,10 +451,15 @@ set_region_highlight(UNUSED(Param pm), char **aval) > len = aval ? arrlen(aval) : 0; > if (n_region_highlights != len + N_SPECIAL_HIGHLIGHTS) { > /* no null termination, but include special highlighting at start */ > - n_region_highlights = len + N_SPECIAL_HIGHLIGHTS; > + int newsize = len + N_SPECIAL_HIGHLIGHTS > + int diffsize = newsize - n_region_highlights; > region_highlights = (struct region_highlight *) > zrealloc(region_highlights, > - sizeof(struct region_highlight) * n_region_highlights); > + sizeof(struct region_highlight) * newsize); > + if (diffsize > 0) > + memset(region_highlights + newsize, 0, > + sizeof(struct region_highlight) * diffsize); > + n_region_highlights = newsize; > } >

The arguments to memset() are wrong:

diff --git a/Src/Zle/zle_refresh.c b/Src/Zle/zle_refresh.c index c146e46..fe33799 100644 --- a/Src/Zle/zle_refresh.c +++ b/Src/Zle/zle_refresh.c 
@@ -457,7 +457,7 @@ set_region_highlight(UNUSED(Param pm), char **aval) zrealloc(region_highlights, sizeof(struct region_highlight) * newsize); if (diffsize > 0) - memset(region_highlights + newsize, 0, + memset(region_highlights + newsize - diffsize, 0, sizeof(struct region_highlight) * diffsize); n_region_highlights = newsize; }

(Found via glibc's "glibc detected memory corruption" runtime check.)

Cheers,

Daniel

> if (!aval)
>
> --
> Peter Stephenson
> Web page now at http://homepage.ntlworld.com/p.w.stephenson/
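
Review bot: In the quoted hunk (@@ -450,10 +451,15 @@), the added memset() starts at region_highlights + newsize, which is one element past the end of the block just resized to newsize elements, so it zeroes diffsize entries outside the allocation and leaves the newly grown tail entries uninitialized. The start should be the old element count, region_highlights + n_region_highlights, which is still the old value at that point because n_region_highlights is assigned only after the memset(). As shown, the added line `int newsize = len + N_SPECIAL_HIGHLIGHTS` also has no terminating semicolon.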
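
Review bot: In the @@ -457,7 +457,7 @@ hunk, the new start pointer region_highlights + newsize - diffsize is correct but makes the reader undo the subtraction: diffsize is defined as newsize - n_region_highlights in the quoted hunk, and n_region_highlights is not updated until the line after the memset(), so the expression is simply the old count. Writing `memset(region_highlights + n_region_highlights, 0,` states the intent directly, and a one-line comment that only the newly grown tail is zeroed would make the diffsize > 0 guard self-explanatory.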