From: Theo Buehler <theo@math.ethz.ch>
To: <zsh-workers@zsh.org>
Cc: <pea@openbsd.org>
Subject: Segfault because metafy() writes to a const char
Date: Wed, 18 Feb 2015 16:30:12 +0100
Message-ID: <20150218153012.GB18324@math.ethz.ch>

When trying to load a non-existent module with

% zmodload bla

both with zsh versions 5.0.5 and 5.0.7 on OpenBSD 5.7 (-current), zsh
crashes and dumps core.

Here's a backtrace of the crash:

#0 0x0000176db68ab49f in metafy (buf=0x17700e20cfdf "File not found", len=14, heap=1) at utils.c:4116
4116 *e = '\0';
(gdb) bt
#0 0x0000176db68ab49f in metafy (buf=0x17700e20cfdf "File not found", len=14, heap=1) at utils.c:4116
#1 0x0000176db686ad2a in do_load_module (name=0x17702e8d7a38 "bla", silent=0) at module.c:1600
#2 0x0000176db686b9b8 in load_module (name=0x17702e8d7a38 "bla", enablesarr=0x0, silent=0)
at module.c:2202
#3 0x0000176db686c523 in require_module (module=0x17702e8d7a38 "bla", features=0x0) at module.c:2335
#4 0x0000176db686dfc5 in bin_zmodload_load (nam=0x17702e8d7a28 "zmodload", args=0x17702e8d7a48,
ops=0x7f7fffff9050) at module.c:2971
#5 0x0000176db686cce2 in bin_zmodload (nam=0x17702e8d7a28 "zmodload", args=0x17702e8d7a48,
ops=0x7f7fffff9050, func=0) at module.c:2486
#6 0x0000176db6817ff0 in execbuiltin (args=0x17702e8d79e0, bn=0x176db6abb400) at builtin.c:450
#7 0x0000176db6835f19 in execcmd (state=0x7f7fffff9710, input=0, output=0, how=18, last1=2)
at exec.c:3378
#8 0x0000176db6830e6f in execpline2 (state=0x7f7fffff9710, pcode=131, how=18, input=0, output=0, last1=0)
at exec.c:1697
#9 0x0000176db68302a8 in execpline (state=0x7f7fffff9710, slcode=4098, how=18, last1=0) at exec.c:1484
#10 0x0000176db682f9e3 in execlist (state=0x7f7fffff9710, dont_change_job=0, exiting=0) at exec.c:1267
#11 0x0000176db682f309 in execode (p=0x17702e8d7918, dont_change_job=0, exiting=0,
context=0x176db69b35d7 "toplevel") at exec.c:1073
#12 0x0000176db684f1bb in loop (toplevel=1, justonce=0) at init.c:185
#13 0x0000176db6852f1d in zsh_main (argc=1, argv=0x7f7fffff9898) at init.c:1638
#14 0x0000176db68174df in main (argc=1, argv=0x7f7fffff9898) at ./main.c:93
(gdb) %

The following patch fixes this problem for me; however, it effectively
undoes a patch discussed in this thread:
http://www.zsh.org/mla/workers/2013/msg01089.html
and, especially here:
http://www.zsh.org/mla/workers/2013/msg01091.html

--- Src/utils.c.orig Wed Feb 18 15:32:20 2015
+++ Src/utils.c Wed Feb 18 15:32:44 2015
@@ -4069,7 +4069,7 @@ metafy(char *buf, int len, int heap)
if (imeta(*e++))
meta++;
- if (meta || heap == META_DUP || heap == META_HEAPDUP) {
+ if (meta || heap == META_DUP || heap == META_HEAPDUP || *e != '\0') {
switch (heap) {
case META_REALLOC:
buf = zrealloc(buf, len + meta + 1);
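
Review bot: the added `*e != '\0'` test in this condition reads buf[len], one byte past the len bytes the caller declared, because the scan loop above has already advanced e with `imeta(*e++)`. In the reported crash that byte is the literal's own terminator, so the read is harmless there, but for a buffer that is exactly len bytes long and unterminated it is an out-of-bounds read. The test also sends strings with meta == 0 into the switch; only the META_REALLOC case is visible here, so please confirm that every other case copies or reallocates before anything is written, otherwise a read-only buffer passed with a non-copying mode can still be written to. A short comment on why the terminator check belongs in this condition would help the next reader.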
@@ -4112,8 +4112,8 @@ metafy(char *buf, int len, int heap)
meta--;
}
}
+ *e = '\0';
}
- *e = '\0';
return buf;
}
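
Review bot: moving `*e = '\0';` inside the block means the result is no longer terminated on the path where the condition is false, which is only safe because the first hunk's `*e != '\0'` test guarantees the byte is already NUL there. That coupling between the two hunks is not visible at this closing brace and deserves a comment. Since the message says this effectively undoes the earlier change, consider the alternative of leaving metafy() as it is and fixing the caller in frame #1 (do_load_module, module.c:1600), which hands over a read-only string: passing a duplicating mode such as META_HEAPDUP there would avoid the write without changing behaviour for every other caller.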