zsh-workers
* [PATCH] don't let char class disturb end finding
@ 2015-06-17  6:16 Han Pingtian
  2015-06-17 15:23 ` Bart Schaefer
  0 siblings, 1 reply; 3+ messages in thread
From: Han Pingtian @ 2015-06-17  6:16 UTC (permalink / raw)
  To: zsh-workers

Please review this patch. Thanks.

This patch tries to fix this problem:

compadd -M '[[:lower:]123456]=...' will cause the end of class to be the
']' before 1 and will alloc range of memory less than enough for the
cpattern.
---
 Src/Zle/complete.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/Src/Zle/complete.c b/Src/Zle/complete.c
index ea5e41f..c3c6ac2 100644
--- a/Src/Zle/complete.c
+++ b/Src/Zle/complete.c
@@ -393,9 +393,12 @@ parse_pattern(char *name, char **sp, int *lp, char e, int *err)
 
 	if (*s == '[' || *s == '{') {
 	    s = parse_class(n, s);
-	    if (!*s) {
+	    if (!s || !*s) {
 		*err = 1;
-		zwarnnam(name, "unterminated character class");
+		if (!s)
+		    zwarnnam(name, "invalid character class");
+		else
+		    zwarnnam(name, "unterminated character class");
 		return NULL;
 	    }
 	    s++;
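Review bot: The single "invalid character class" warning in the new `if (!s)` branch has to cover both NULL returns that this patch adds to parse_class (a `[:` still open when the closing bracket is found, and a class name that maps to PP_UNKWN), so the user cannot tell which mistake was made. parse_class is called as `parse_class(n, s)` and does not receive `name`, so it cannot warn by itself; consider passing a reason back through an out-parameter, or at least wording the message so that it covers both cases, for example "invalid or unknown character class".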
@@ -439,7 +442,7 @@ parse_pattern(char *name, char **sp, int *lp, char e, int *err)
 static char *
 parse_class(Cpattern p, char *iptr)
 {
-    int endchar, firsttime = 1;
+    int endchar, firsttime = 1, rf = 0;
     char *optr, *nptr;
 
     if (*iptr++ == '[') {
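Review bot: The new local `rf` on the declaration line gives no hint of what it tracks, and the later hunk only ever moves it between 0 and -1, so it is a flag rather than a counter. A descriptive name (for example `in_posix_class`) set to 1 and 0, plus a line in the function's header comment stating that parse_class can now return NULL, would make the new contract visible to callers.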
@@ -456,9 +459,24 @@ parse_class(Cpattern p, char *iptr)
     }
 
     /* find end of class.  End character can appear literally first. */
-    for (optr = iptr; optr == iptr || *optr != endchar; optr++)
+    for (optr = iptr; optr == iptr || *optr != endchar; optr++) {
 	if (!*optr)
 	    return optr;
+	if (endchar == ']') {
+	    if (!rf && *optr == '[' && optr[1] == ':') {
+		rf--;	//range start likely
+		optr++;
+	    } else if (rf < 0) {
+		if (*optr == ':' && optr[1] == ']') {
+		    rf++;
+		    optr++;
+		}
+	    }
+	}
+    }
+    if (rf < 0)
+	return NULL;
+
     /*
      * We can always fit the parsed class within the same length
      * because of the tokenization (including a null byte).
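Review bot: The `*optr == '[' && optr[1] == ':'` test in the new loop body treats every `[` followed by `:` as the start of a named class, so a class that contains those two characters literally, such as `[[:]`, now reaches the closing `]` with rf still negative and is rejected by `if (rf < 0) return NULL;`, although the old loop found its end normally. Consider falling back to literal handling when no matching `:]` turns up before the end of the class instead of failing. A style point in the same hunk: the `//range start likely` comment uses C++ style where the surrounding code uses `/* */`.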
@@ -479,6 +497,8 @@ parse_class(Cpattern p, char *iptr)
 	    iptr = nptr + 2;
 	    if (ch != PP_UNKWN)
 		*optr++ = STOUC(Meta) + ch;
+	    else
+		return NULL;
 	} else {
 	    /* characters stay metafied */
 	    char *ptr1 = iptr;
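Review bot: The new `else return NULL;` makes an unknown class name (ch == PP_UNKWN) a hard error, which is a behaviour change the commit message does not mention; it only describes the end-finding problem. Please state it in the message, and add a short comment at this branch saying that the parse is abandoned here and that the caller reports it as "invalid character class".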
-- 
1.9.3



* Re: [PATCH] don't let char class disturb end finding
  2015-06-17  6:16 [PATCH] don't let char class disturb end finding Han Pingtian
@ 2015-06-17 15:23 ` Bart Schaefer
  2015-06-18  1:39   ` Han Pingtian
  0 siblings, 1 reply; 3+ messages in thread
From: Bart Schaefer @ 2015-06-17 15:23 UTC (permalink / raw)
  To: zsh-workers

On Jun 17,  2:16pm, Han Pingtian wrote:
}
} This patch tries to fix this problem:
} 
} compadd -M '[[:lower:]123456]=...' will cause the end of class to be the
} ']' before 1 and will alloc range of memory less than enough for the
} cpattern.

I don't see anything obviously wrong with the patch, but when I try the
above example directly I get "unknown match specification character `['"
both before and after applying your patch (and no complaints of memory
misuse from valgrind, even before your patch).  Is that the correct
example to reproduce the error?

I also tried '[[:lower:]123456]=[[:upper:]abcdef]' with the same result.



* Re: [PATCH] don't let char class disturb end finding
  2015-06-17 15:23 ` Bart Schaefer
@ 2015-06-18  1:39   ` Han Pingtian
  0 siblings, 0 replies; 3+ messages in thread
From: Han Pingtian @ 2015-06-18  1:39 UTC (permalink / raw)
  To: zsh-workers

On Wed, Jun 17, 2015 at 08:23:05AM -0700, Bart Schaefer wrote:
> On Jun 17,  2:16pm, Han Pingtian wrote:
> }
> } This patch tries to fix this problem:
> } 
> } compadd -M '[[:lower:]123456]=...' will cause the end of class to be the
> } ']' before 1 and will alloc range of memory less than enough for the
> } cpattern.
> 
> I don't see anything obviously wrong with the patch, but when I try the
> above example directly I get "unknown match specification character `['"
> both before and after applying your patch (and no complaints of memory
> misuse from valgrind, even before your patch).  Is that the correct
> example to reproduce the error?
> 
> I also tried '[[:lower:]123456]=[[:upper:]abcdef]' with the same result.

Sorry, my fault. It should be 'M:[[:lower:]123456]=[[:upper:]abcdef]'
and for triggering memory misuse, I think we should use something like
'M:[[:a:]123456]=[[:b:]abcdef]'. Then

 469     optr = p->u.str = zhalloc((optr-iptr) + 1);

will allocate memory 5 bytes long, but later it will put 6 bytes into
this memory.


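A small standalone model of the end-of-class scan discussed in this thread, added here as an example; it is not zsh's code and not the posted patch. The function names are hypothetical, and the sizes printed follow the `(optr-iptr) + 1` expression quoted in the last message.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the end-of-class scan. s points just past the opening '[';
 * a ']' at offset 0 is literal. Returns the offset of the closing ']',
 * or -1 if there is none. This version stops at the first ']'. */
static long naive_end(const char *s)
{
    size_t i;
    for (i = 0; i == 0 || s[i] != ']'; i++)
        if (!s[i])
            return -1;
    return (long)i;
}

/* Same scan, but a complete "[:name:]" group is stepped over as a unit.
 * A "[:" not followed by letters and ":]" stays literal (a choice made
 * for this example, so that a class such as "[[:]" remains valid). */
static long class_aware_end(const char *s)
{
    size_t i = 0, j;
    while (i == 0 || s[i] != ']') {
        if (!s[i])
            return -1;
        if (s[i] == '[' && s[i + 1] == ':') {
            for (j = i + 2; isalpha((unsigned char)s[j]); j++)
                ;
            if (j > i + 2 && s[j] == ':' && s[j + 1] == ']') {
                i = j + 2;      /* continue after the group's ']' */
                continue;
            }
        }
        i++;
    }
    return (long)i;
}

int main(void)
{
    /* Class bodies taken from the match specs quoted in the thread. */
    const char *specs[] = { "[:lower:]123456]=...",
                            "[:a:]123456]=[[:b:]abcdef]" };
    for (size_t k = 0; k < 2; k++)
        printf("%-28s naive size = %ld, class-aware size = %ld\n", specs[k],
               naive_end(specs[k]) + 1, class_aware_end(specs[k]) + 1);
    return 0;
}
```

For the `[:a:]` spec the naive scan yields a size of 5, the figure given in the message above, while the class-aware scan yields 12.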
