From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10432 invoked by alias); 8 May 2017 16:45:39 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 41073 Received: (qmail 15547 invoked from network); 8 May 2017 16:45:39 -0000 X-Qmail-Scanner-Diagnostics: from mailout2.w1.samsung.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1. Clear:RC:0(210.118.77.12):SA:0(-5.0/5.0):. Processed in 1.949937 secs); 08 May 2017 16:45:39 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.1 X-Envelope-From: p.stephenson@samsung.com X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: none (ns1.primenet.com.au: domain at samsung.com does not designate permitted sender hosts) X-AuditID: cbfec7f5-f792f6d0000063e9-0c-5910a0a9317d Date: Mon, 08 May 2017 17:45:26 +0100 From: Peter Stephenson To: zsh-workers@zsh.org Cc: Eduardo Bustamante Subject: Re: Another Zsh parser segmentation fault (heredoc) Message-id: <20170508174526.1058d8eb@pwslap01u.europe.root.pri> In-reply-to: Organization: Samsung Cambridge Solution Centre X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.0; i386-redhat-linux-gnu) MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrKIsWRmVeSWpSXmKPExsWy7djPc7orFwhEGlxZaWZx/MwZdouDzQ+Z HJg8ds66y+6x6uAHpgCmKC6blNSczLLUIn27BK6MJc13WQv+cVe0NHUyNTAe4+xi5OSQEDCR uDF5DhOELSZx4d56ti5GLg4hgaWMEgfP3WOGcD4zSuzo3sgC07Hj9T+oxDJGic6p/xlBEkIC /xgl3jVKQiROM0p0HL/DApE4wyhx+UgCiM0ioCrR93oHWAObgKHE1E2zwWwRAXGJs2vPg9Uz C2hJ9F/dxQ5iCwvYSNy/dwrM5hWwl2g/+ZINxOYUCJY4uvcLK4jNL6AvcfXvJ6gf7CVmXjnD CFEvKPFj8j2omToS27Y9Zoew5SU2r3kL9oGEwHR2iUUHvgA1cAA5shKbDjBDzHGRuDazgQ3C FpZ4dXwLO4QtI3F5cjc0JPoZJZ50+0LMmcEocfrMDqgGa4m+2xcZIZbxSUzaNp0ZYj6vREeb EITpITF5Sd4ERqVZSC6dheTSWUguXcDIvIpRJLW0ODc9tdhUrzgxt7g0L10vOT93EyMwMZz+ d/zrDsalx6wOMQpwMCrx8GrkCUQKsSaWFVfmHmKU4GBWEuFVmAcU4k1JrKxKLcqPLyrNSS0+ xCjNwaIkzst16lqEkEB6YklqdmpqQWoRTJaJg1OqgbFzYsOCeQH6h+ucPj9cdHvRp9Puk4Q7 JasTzi/n9WZkL6tsXNh04CCbc8GeT9IbvmV/PNR76ESqrGrh8yyOC+LX371xzdJQWVgnF880 l+FTgbr/k8vyHJfb8js2PJNbs3RNSJOx89Gn2apbP68Tq9uq463SWsgyadcfkarq/028rXt7 1+Xpr1diKc5INNRiLipOBABZEVOYCAMAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrLIsWRmVeSWpSXmKPExsVy+t/xy7onFghEGhyZz2xx/MwZdouDzQ+Z HJg8ds66y+6x6uAHpgCmKDebjNTElNQihdS85PyUzLx0W6XQEDddCyWFvMTcVFulCF3fkCAl hbLEnFIgz8gADTg4B7gHK+nbJbhlLGm+y1rwj7uipamTqYHxGGcXIyeHhICJxI7X/5ghbDGJ C/fWs3UxcnEICSxhlPg75SY7hNPAJPHzwAxGCOc0o8Sbl+9YIJwzjBJPt+1lAelnEVCV6Hu9 gxHEZhMwlJi6aTaYLSIgLnF27XmwGmYBLYn+q7vYQWxhARuJ+/dOgdm8AvYS7SdfsoHYnALB EhMe3mOCWLCMUWL2GxCHk4NfQF/i6t9PTBDH2kvMvHKGEaJZUOLH5HtwCzZva2KFsOUlNq95 C/ackIC6xI27u9knMIrMQtIyC0nLLCQtCxiZVzGKpJYW56bnFhvpFSfmFpfmpesl5+duYgRG 3bZjP7cAPfou+BCjAAejEg+vRp5ApBBrYllxZe4hRgkOZiURXoV5QCHelMTKqtSi/Pii0pzU 4kOMpsBQmsgsJZqcD0wIeSXxhiaG5paGRsYWFuZGRkrivFM/XAkXEkhPLEnNTk0tSC2C6WPi 4JRqYDT1+LBGwKXj+eLTe571fGDP6pY71bWic/2evXUGbxfu1fBftvny5WOB/wrDe+UTDnXJ hxfYvLcKnGmpNnWbvcLdlfMm6le5VL9QClgksItt8aXZf8wbX2qEc3VkyV56OXW1zmb/gDM6 D82PPmH90bs9t2ipdgv3dPae9wWF3fu/M7ulT7QKLVNiKc5INNRiLipOBAATW1fo0AIAAA== X-MTR: 20000000000000000@CPGS X-CMS-MailID: 20170508164529eucas1p2aca51a02e3716659ce0691cef8e18655 X-Msg-Generator: CA X-Sender-IP: 182.198.249.180 X-Local-Sender: =?UTF-8?B?UGV0ZXIgU3RlcGhlbnNvbhtTQ1NDLURhdGEgUGxhbmUb?= =?UTF-8?B?7IK87ISx7KCE7J6QG1ByaW5jaXBhbCBFbmdpbmVlciwgU29mdHdhcmU=?= X-Global-Sender: =?UTF-8?B?UGV0ZXIgU3RlcGhlbnNvbhtTQ1NDLURhdGEgUGxhbmUbU2Ft?= =?UTF-8?B?c3VuZyBFbGVjdHJvbmljcxtQcmluY2lwYWwgRW5naW5lZXIsIFNvZnR3YXJl?= X-Sender-Code: =?UTF-8?B?QzEwG0VIURtDMTBDRDA1Q0QwNTAwNTg=?= CMS-TYPE: 201P X-HopCount: 7 X-CMS-RootMailID: 20170508135047epcas1p1387b0bef4ef63d286a47d043880b3ce9 X-RootMTR: 20170508135047epcas1p1387b0bef4ef63d286a47d043880b3ce9 References: On Mon, 8 May 2017 08:49:49 -0500 Eduardo Bustamante wrote: > dualbus@debian:~/src/zsh/zsh$ git rev-parse HEAD > f25d01a97c61fdac5d6e0a6a8fb63b5b2b5f3393 > > dualbus@debian:~/bash-fuzzing/zsh-parser$ cat -v getredirs > 0 {^X}<<0 That's an ASCII character 24 but any single non-identifier character triggers the underlying bug. There's an off-by-one in the test for the argument, or, to use the technical phrase, crap programming. This isn't a syntax error as the {varid} syntax was added quite late, so it errs on the side of leaving irrelevant arguments alone. pws diff --git a/Src/parse.c b/Src/parse.c index b0de9a8..8769baa 100644 --- a/Src/parse.c +++ b/Src/parse.c @@ -1836,7 +1836,7 @@ par_simple(int *cmplx, int nr) if (*ptr == Outbrace && ptr > tokstr + 1) { - if (itype_end(tokstr+1, IIDENT, 0) >= ptr - 1) + if (itype_end(tokstr+1, IIDENT, 0) >= ptr) { char *toksave = tokstr; char *idstring = dupstrpfx(tokstr+1, eptr-tokstr-1); diff --git a/Test/A04redirect.ztst b/Test/A04redirect.ztst index 2671080..cb82751 100644 --- a/Test/A04redirect.ztst +++ b/Test/A04redirect.ztst @@ -165,6 +165,15 @@ ?About to close a second time *?\(eval\):*: failed to close file descriptor * + eval $'fn-varid() { print {\x18}<<0 }' + { which -x2 fn-varid; fn-varid } | tr $'\x18' '?' +0:Regression test for off-by-one in varid check +>fn-varid () { +> print {?} <<0 +>0 +>} +>{?} + print foo >&- 0:'>&-' redirection