Date: Sun, 12 Feb 2023 09:46:46 +0000
From: donoban@riseup.net
To: zsh-workers@zsh.org
Subject: Segfault due short overflow in hist.c
Message-ID: <33435f346a37b44de507e41edf2839ff@riseup.net>
X-Seq: 51411

Hi,

I noticed that after expanding a big directory with 'rm -fr *' I could crash zsh in a reproducible way.

Here is the backtrace from gdb:

(gdb) bt
#0 0x00005555555aa8be in hend (prog=prog@entry=0x7ffff7a5fbc8) at hist.c:1578
#1 0x00005555555ab08f in loop (justonce=, toplevel=) at init.c:170
#2 0x00005555555afacf in zsh_main (argc=, argv=) at init.c:1794
#3 0x00007ffff7f809ca in libc_start_main_stage2 (main=0x55555556ad90 , argc=1, argv=0x7fffffffe8c8) at src/env/__libc_start_main.c:95
#4 0x000055555556adab in _start ()

It seems that *chwords overflows with long enough strings, so then it tries to access a negative index in chline[].

I'm not sure how it should be properly fixed without breaking any parts. Probably chwords should be a different type like size_t, but it also needs some check for the next overflow scenario.

Best Regards!
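
The failure mode described in the message above, as an added C example that is not part of the original post and is not zsh source: an offset past SHRT_MAX stored in a short comes back negative, and the two mitigations the message suggests (a range check on store, a wider index type) are shown beside it. All function names are hypothetical, the 40000-byte line is constructed, and a 16-bit short is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the reported pattern, NOT zsh source: word-start
 * offsets into a line buffer are recorded in an array of short. */

/* Unchecked store. Converting an out-of-range offset to short is
 * implementation-defined; common compilers wrap it to a negative value. */
static short store_unchecked(size_t offset)
{
    return (short)offset;
}

/* Checked store: refuse offsets the element type cannot represent. */
static int store_checked(short *slot, size_t offset)
{
    if (offset > (size_t)SHRT_MAX)
        return -1;
    *slot = (short)offset;
    return 0;
}

/* Checked read: validate an index before it touches the buffer. */
static int read_at(const char *line, size_t len, long idx, char *out)
{
    if (idx < 0 || (size_t)idx >= len)
        return -1;
    *out = line[idx];
    return 0;
}

int main(void)
{
    static char line[40001];      /* constructed long command line */
    size_t last_word = 40000;     /* offset past SHRT_MAX (32767)  */
    short slot = 0;
    char c = 0;
    int rc;

    line[last_word] = 'x';
    printf("unchecked store: %d\n", store_unchecked(last_word));
    printf("checked store:   %d\n", store_checked(&slot, last_word));
    rc = read_at(line, sizeof line, store_unchecked(last_word), &c);
    printf("read at wrapped index: %d\n", rc);
    rc = read_at(line, sizeof line, (long)last_word, &c);
    printf("read at wide offset:   %d (%c)\n", rc, c);
    return 0;
}
```
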