zsh-workers
* PATCH: seg fault resulting from parameter unset code
@ 2001-12-17 10:46 Oliver Kiddle
From: Oliver Kiddle @ 2001-12-17 10:46 UTC (permalink / raw)
  To: zsh-workers

This results in a seg fault on some systems (at least Linux):

f() {
  integer i=4
  i=(3 4)
}
f

This has been around a while - 3.0.8 is affected and I wouldn't be
surprised if it is much older even than that. I'll also post a patch
(against 3.0.8) to sourceforge.

The problem is that when the integer is unset as part of the array
assignment by stdunsetfn(), the value (pm->u) is not set to the null
pointer. Later when the array is set, it attempts to free any existing
array. pm->u.arr is going to be 4 cast to a pointer and it tries to
free it. Note that if you change the 4 to 0, it most likely won't
seg fault.

Oliver

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.54
diff -u -r1.54 params.c
--- Src/params.c        2001/12/17 01:16:37     1.54
+++ Src/params.c        2001/12/17 10:39:40
@@ -2175,6 +2175,7 @@
        case PM_SCALAR: pm->sets.cfn(pm, NULL); break;
        case PM_ARRAY:  pm->sets.afn(pm, NULL); break;
         case PM_HASHED: pm->sets.hfn(pm, NULL); break;
+       default: pm->u.str = NULL; break;
     }
     pm->flags |= PM_UNSET;
 }
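Review bot: the added default branch writes pm->u.str = NULL for every parameter type that is not PM_SCALAR, PM_ARRAY or PM_HASHED, which includes special parameters whose pm->u must not be cleared by a generic unset; guard it with the flag the file already has, e.g. `if (!(pm->flags & PM_SPECIAL)) pm->u.str = NULL;`. A short comment on the line would also help, since the intent is to zero the union so that a stale integer value is not later handed to free() as an array pointer, and nothing in `pm->u.str = NULL` says that.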




* Re: PATCH: seg fault resulting from parameter unset code
  2001-12-17 10:46 PATCH: seg fault resulting from parameter unset code Oliver Kiddle
@ 2001-12-18 14:43 ` Oliver Kiddle
From: Oliver Kiddle @ 2001-12-18 14:43 UTC (permalink / raw)
  To: zsh-workers

I wrote:
> 
> The problem is that when the integer is unset as part of the array
> assignment by stdunsetfn(), the value (pm->u) is not set to the null
> pointer. Later when the array is set, it attempts to free any existing
> array. pm->u.arr is going to be 4 cast to a pointer and it tries to
> free it.

Except I didn't account for specials. In their case, pm->u shouldn't
be messed with.

Hopefully, this is now right.

Oliver

Index: params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.57
diff -u -r1.57 params.c
--- params.c    2001/12/18 09:16:20     1.57
+++ params.c    2001/12/18 14:35:38
@@ -2286,7 +2286,10 @@
        case PM_SCALAR: pm->sets.cfn(pm, NULL); break;
        case PM_ARRAY:  pm->sets.afn(pm, NULL); break;
        case PM_HASHED: pm->sets.hfn(pm, NULL); break;
-       default: pm->u.str = NULL; break;
+       default:
+           if (!(pm->flags & PM_SPECIAL))
+               pm->u.str = NULL;
+           break;
     }
     pm->flags |= PM_UNSET;
 }
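Review bot: the PM_SPECIAL guard fixes the case the previous revision missed, but the branch still relies on the reader knowing that assigning through the str member zeroes the same union storage an integer's value occupies; a one-line comment above `default:` stating that integers and other non-pointer types land here, and that the write exists to keep a stale value from being freed as an array later, would make the exception self-explanatory. The reason specials are skipped (their pm->u must not be touched by the generic unset) belongs in that comment as well rather than only in the mail.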



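Added example, constructed for this thread and not zsh's own code: a reduced model of the parameter union and of the two unset variants discussed in both messages. It shows why the unfixed integer unset leaves a non-NULL pointer for the later array assignment to free, and why the second patch's PM_SPECIAL guard is needed. struct param, PT_*, PF_*, unset_before, unset_after and the helpers are this example's names, standing in for stdunsetfn() and the array setter; the model reports the pointer that would be freed instead of freeing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed, simplified model of zsh's parameter structure: the value
 * lives in a union, so an integer's number overlays the array pointer.
 * Names (PT_*, PF_*, struct param) belong to this example, not to zsh.
 */
enum ptype { PT_SCALAR, PT_ARRAY, PT_INTEGER };
#define PF_UNSET   0x1
#define PF_SPECIAL 0x2

struct param {
    enum ptype type;
    unsigned flags;
    union {
        char *str;      /* scalar value */
        char **arr;     /* NULL-terminated array of strings */
        long val;       /* integer value */
    } u;
};

static char *xstrdup(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

static void free_array(char **arr)
{
    if (!arr)
        return;
    for (char **p = arr; *p; p++)
        free(*p);
    free(arr);
}

/* Unset as the first message describes: an integer's pm->u keeps its 4. */
static void unset_before(struct param *pm)
{
    switch (pm->type) {
    case PT_SCALAR: free(pm->u.str);       pm->u.str = NULL; break;
    case PT_ARRAY:  free_array(pm->u.arr); pm->u.arr = NULL; break;
    default: break;  /* integer: the union is left holding the old value */
    }
    pm->flags |= PF_UNSET;
}

/* Unset with the second patch's default branch: clear the union unless special. */
static void unset_after(struct param *pm)
{
    switch (pm->type) {
    case PT_SCALAR: free(pm->u.str);       pm->u.str = NULL; break;
    case PT_ARRAY:  free_array(pm->u.arr); pm->u.arr = NULL; break;
    default:
        if (!(pm->flags & PF_SPECIAL))
            pm->u.str = NULL;   /* zeroes the pointer the array setter will free */
        break;
    }
    pm->flags |= PF_UNSET;
}

/*
 * Model of `integer i=4; i=(3 4)`: the integer is unset, then the same
 * parameter is turned into an array. Returns the pointer the array setter
 * would pass to free(); non-NULL means it would free the stale value 4.
 */
static char **stale_pointer_on_reassign(void (*unset)(struct param *))
{
    struct param pm = { PT_INTEGER, 0, { .val = 4 } };
    unset(&pm);          /* the stdunsetfn() step of the assignment */
    pm.type = PT_ARRAY;  /* the parameter is now being set as an array */
    return pm.u.arr;     /* what "free any existing array" would operate on */
}

/* A special integer must keep its value across the patched unset. */
static long special_value_after_unset(void)
{
    struct param pm = { PT_INTEGER, PF_SPECIAL, { .val = 4 } };
    unset_after(&pm);
    return pm.u.val;
}

/* Full reassignment on the fixed path; returns the new array's length. */
static int reassign_with_fix(void)
{
    struct param pm = { PT_INTEGER, 0, { .val = 4 } };
    unset_after(&pm);
    free_array(pm.u.arr);               /* safe: the union was cleared */
    char **arr = calloc(3, sizeof *arr);
    arr[0] = xstrdup("3");
    arr[1] = xstrdup("4");
    pm.u.arr = arr;
    pm.type = PT_ARRAY;
    pm.flags &= ~PF_UNSET;
    int n = 0;
    while (pm.u.arr[n])
        n++;
    free_array(pm.u.arr);
    return n;
}

int main(void)
{
    printf("before fix: setter would free %p\n",
           (void *)stale_pointer_on_reassign(unset_before));
    printf("after fix:  setter would free %p\n",
           (void *)stale_pointer_on_reassign(unset_after));
    printf("special keeps %ld; fixed reassign gives %d elements\n",
           special_value_after_unset(), reassign_with_fix());
    return 0;
}
```

The "change the 4 to 0" remark in the report falls out of the model directly: with a zero integer the stale union already reads as a NULL pointer, so the setter's free() is a no-op and nothing crashes, which is why the bug hides on such values.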
