List-Id: Zsh Workers List
X-Seq: 42274
From: Joey Pabalinas
To: schaefer@brasslantern.com
Cc: dana@dana.is, zsh-workers@zsh.org, Joey Pabalinas
Subject: [PATCH 1/3] jp: Fix segfaults during parameter expansion
Date: Sun, 14 Jan 2018 05:23:42 -1000
Message-Id: <20180114152344.12018-2-joeypabalinas@gmail.com>
In-Reply-To: <20180114152344.12018-1-joeypabalinas@gmail.com>
References: <20180114152344.12018-1-joeypabalinas@gmail.com>

Running:

> $ zsh -fc ': ${${(PAA)p[foo]}::=x}'`

in current zsh versions causes:

> [1] 4441 segmentation fault (core dumped) zsh -fc ': ${${(PAA)p[foo]}::=x}'

Also happens when testing with machabot:

> 19:42 > : ${${(PAA)p[foo]}::=x}
> 19:42 jp: zsh[248]: segfault at 0 ip b7dfcda3 sp bfeb9ebc
> error 4 in libc-2.13.so[b7d84000+149000]

Add a simple `dupstring(s2)` fallback instead of pointlessly trying to
concatenate `s2` to NULL and segfaulting.

Signed-off-by: Joey Pabalinas

1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Src/string.c b/Src/string.c index 9e14ef94919c3e8ec5..038624d65a9f533494 100644 --- a/Src/string.c +++ b/Src/string.c @@ -144,8 +144,12 @@ dyncat(const char *s1, const char *s2) { /* This version always uses space from the current heap. */ char *ptr; - size_t l1 = strlen(s1); + size_t l1; + /* String duplicate fallback to prevent NULL derefs */ + if (!s1) + return dupstring(s2); + l1 = strlen(s1); ptr = (char *)zhalloc(l1 + strlen(s2) + 1); strcpy(ptr, s1); strcpy(ptr + l1, s2); 
@@ -158,8 +162,12 @@ bicat(const char *s1, const char *s2) { /* This version always uses permanently-allocated space. */ char *ptr; - size_t l1 = strlen(s1); + size_t l1; + /* String duplicate fallback to prevent NULL derefs */ + if (!s1) + return dupstring(s2); + l1 = strlen(s1); ptr = (char *)zalloc(l1 + strlen(s2) + 1); strcpy(ptr, s1); strcpy(ptr + l1, s2); -- 2.15.1
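
Review bot: In the dyncat hunk (@@ -144,8 +144,12 @@), the new `if (!s1)` guard turns a NULL first argument into a normal return value, which hides whichever parameter-expansion caller is passing NULL; the commit message shows the reproducer but does not name that call site. I would prefer the fix at the caller that hands `dyncat` a NULL. Failing that, the function comment should state that a NULL `s1` is accepted and treated as the empty string, so the contract is explicit. Note also that `s2` is still unchecked: a NULL `s2` reaches `dupstring(s2)` on the new path and `strlen(s2)` on the old one.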
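
Review bot: In the bicat hunk (@@ -158,8 +162,12 @@), the fallback `return dupstring(s2);` breaks the allocation contract stated two lines above it, "This version always uses permanently-allocated space". The normal path allocates with `zalloc`, while `dupstring` hands back memory from the current heap, the same call used in the `dyncat` fallback whose comment says "space from the current heap". A caller that keeps the `bicat` result past the heap's lifetime, or frees it as permanent memory, would then be working with the wrong kind of pointer, trading the NULL dereference for a use-after-free or invalid free. The fallback here should use the permanent-allocation duplicate (`ztrdup(s2)`) instead.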