List-Id: Zsh Workers List
X-Seq: 42267
Date: Sat, 13 Jan 2018 20:05:57 -1000
From: Joey Pabalinas
To: zsh-workers@zsh.org
Cc: Joey Pabalinas
Subject: [PATCH] jp: fix segfaults during parameter expansion
Message-ID: <20180114060557.hmrvpg6t4rdebgv6@gmail.com>

Running `zsh -fc ': ${${(PAA)p[foo]}::=x}'` in current zsh versions causes:

> "segmentation fault (core dumped) zsh -fc '(: ${${(PAA)p[foo]}::=x})'

Also happens when testing with machabot:

> 19:42 > : ${${(PAA)p[foo]}::=x}
> 19:42 jp: zsh[248]: segfault at 0 ip b7dfcda3 sp bfeb9ebc
> error 4 in libc-2.13.so[b7d84000+149000]

Add checks to catch NULL dereferences.

Signed-off-by: Joey Pabalinas

3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Src/params.c b/Src/params.c index de7730ae735a44963c..9516185015d878b553 100644 --- a/Src/params.c +++ b/Src/params.c @@ -2016,6 +2016,9 @@ fetchvalue(Value v, char **pptr, int bracks, int flag= s) char sav, c; int ppar =3D 0; =20 + if (!*pptr) + return NULL; + s =3D t =3D *pptr; =20 if (idigit(c =3D *s)) {
diff --git a/Src/string.c b/Src/string.c index 9e14ef94919c3e8ec5..7ad8ca7589199e8170 100644 --- a/Src/string.c +++ b/Src/string.c @@ -144,7 +144,12 @@ dyncat(const char *s1, const char *s2) { /* This version always uses space from the current heap. */ char *ptr; - size_t l1 =3D strlen(s1); + size_t l1; + + if (!s1 || !s2) + return NULL; + + l1 =3D strlen(s1); =20 ptr =3D (char *)zhalloc(l1 + strlen(s2) + 1); strcpy(ptr, s1); diff --git a/Src/subst.c b/Src/subst.c index d027e3d83cadc631a7..c423bc8433c590a89c 100644 --- a/Src/subst.c +++ b/Src/subst.c @@ -2577,7 +2577,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt= , int pf_flags, * the local value system, or we need to get rid of brackets * even if there isn't a v. */ - while (v || ((inbrace || (unset(KSHARRAYS) && vunset)) && isbrack(*s))= ) { + while (v || ((inbrace || (unset(KSHARRAYS) && vunset)) && s && isbrack= (*s))) { if (!v) { /* * Index applied to non-existent parameter; we may or may 
@@ -2703,6 +2703,8 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt= , int pf_flags, * examine properly later on. */ if (inbrace) { + if (!s) + return NULL; c =3D *s; if (!IS_DASH(c) && c !=3D '+' && c !=3D ':' && c !=3D '%' && c !=3D '/' && --=20 2.15.1
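
Review bot: In the Src/params.c hunk, the new `if (!*pptr) return NULL;` at the top of fetchvalue() returns with no diagnostic and no comment saying which caller can reach this function with *pptr unset. The guard stops the crash at the point of dereference but leaves the reason for the NULL undocumented. Please add a comment tying it to the expansion in the commit message, and consider rejecting the NULL in the caller, where the malformed expansion is first seen.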
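
Review bot: In the Src/string.c hunk, `if (!s1 || !s2) return NULL;` gives dyncat() a NULL return that the visible code did not have before, so the NULL is passed back to whichever caller supplied it and the dereference may simply move there. The comment above the declaration still reads "This version always uses space from the current heap" and says nothing about the new return value. Either document the NULL return and check the callers, or treat a NULL argument as an empty string so the result stays non-NULL.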
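
Review bot: In the first Src/subst.c hunk (around line 2577), the added `s &&` protects only the `isbrack(*s)` operand; when `v` is non-NULL the `while` body is still entered with no check on `s`. If the body can run with `s` NULL in that case it needs its own guard, and if it cannot, a one-line comment saying why would help the next reader. The condition is also well past 80 columns now and would read better split over two lines.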
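
Review bot: In the second Src/subst.c hunk (around line 2703), `if (!s) return NULL;` inside `if (inbrace)` leaves paramsubst() silently, so the reproducer from the commit message stops crashing but the user gets no indication that the expansion was rejected. Consider reporting an error before returning. The diffstat also lists only files under Src/, so the reproducer `: ${${(PAA)p[foo]}::=x}` is not captured as a regression test; adding one would keep the crash from coming back unnoticed.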