From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 31392 invoked from network); 6 Nov 2022 00:25:51 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 6 Nov 2022 00:25:51 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1667694351; b=FIV7dOK1GYFDYaHKle52iGMEr1ulWmbOa+8SBYLKRp7yImbJSfKc3W4WyXqjVPPSae5jFSDlf4 zmsETA9BOmMrBV4GQdpmrom5d2YBePc8PuULjjCYAHxMDQ0ZuTOdGdY8JmSbX9bJLaHnT732Po ZNJ49dVJyzm2P47pXuEv5xKWXBYUfV3QINDLaUv04ZHCgXXGO6gjGQh3fzhrpXTXLXd+l/rr64 pSUUP5lUP3qOqba5zsOEM6xDC0uPI8PSbl3pR6uBcQb5RyPOztG3RbwkCYprpjOoyipOseLgf8 e63X3aFcrb5HZJSMKOfr0GnvfKfDByuxB8sG31y0G116QA==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (iris.zentaur.org) smtp.remote-ip=198.58.127.206; dkim=pass header.d=zentaur.org header.s=dkim20200120 header.a=rsa-sha256; dmarc=pass header.from=zentaur.org; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1667694351; bh=gnUQV8lX6moLQJknT15qT5FCrT1ffPlG1h9Fk4ok+3A=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:In-Reply-To:From:References:To:Subject:MIME-Version:Date: Message-ID:Content-Type:DKIM-Signature:DKIM-Signature; b=XYmG09ObiKCGeOdr6rSbjkjW6FV5sBRokvHiJUBS43WTTYaSPitKvX9prlnRSKnD4ogOX+ViIK WV+I//99QPVFtlvZjBW2tCJLjqWe0vIRek9TsEyDf0P3ZoC01QX5NgBoIJC6Nplteztlp0yCGl XbkSt91fbO0QM5BPuWTH7DU2uC+DKxqr+pdJ0OVTZd3xHHh/M8XwDEu8h6dj6k2xVShiHoZyYW 2mV1X1dTSdMQL7VsKCaLwSki2y3ym+tYXGg/A/ILTrFPgGsEri7AoweknGqqOvEU+Q6YbYb99o EqGa+yH+jT6yzcySN/C8sw+bGH7CLKvFQNABSIEptsvvgw==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:From:References:To: Subject:MIME-Version:Date:Message-ID:Content-Type:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=gnUQV8lX6moLQJknT15qT5FCrT1ffPlG1h9Fk4ok+3A=; b=n/BsIF+9quKNedhgmXDI0Y9oYT lIR+r1L6lNYxwcr+8zFXrPSnDJ7b+aTIXC+XsdrDGuAuu+Kw/YdbWS1c7GnZoiTEJJZKu4b2FeBVo e9d1BA+ZDHX3YFLfnFu5t2CdfWq86DUlF5k4l2anMBulHQw0FxWyqPYKXy0GyGdh9TdZ/93zd2xI8 08LotU111rlbsJYk+mAf1tWXPoAvoLw5OoziaMSpTQZdR6x55TTXAtFVf3riYMdy/t1a3b+RHJFTD Tf4048sC4eyRJ15pQM6lZEqRKDJLv33lnPXCoieTEhl4oLE8rr4QBfQH4zV81U6rRYTgOqCJM91TL iz97axNQ==; Received: by zero.zsh.org with local id 1orTTy-00010e-GN; Sun, 06 Nov 2022 00:25:50 +0000 Authentication-Results: zsh.org; iprev=pass (iris.zentaur.org) smtp.remote-ip=198.58.127.206; dkim=pass header.d=zentaur.org header.s=dkim20200120 header.a=rsa-sha256; dmarc=pass header.from=zentaur.org; arc=none Received: from iris.zentaur.org ([198.58.127.206]:36146) by zero.zsh.org with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1orTTK-0000fu-W7; Sun, 06 Nov 2022 00:25:11 +0000 Received: from iris.zentaur.org (localhost [127.0.0.1]) by iris.zentaur.org (Postfix) with ESMTP id 4N4ZrP5tSPz3wZj for ; Sun, 6 Nov 2022 00:25:09 +0000 (UTC) Authentication-Results: iris.zentaur.org (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=zentaur.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=zentaur.org; h= in-reply-to:from:from:references:to:content-language:subject :subject:user-agent:mime-version:date:date:message-id :content-type:content-type; s=dkim20200120; t=1667694309; x= 1667697910; bh=gnUQV8lX6moLQJknT15qT5FCrT1ffPlG1h9Fk4ok+3A=; b=D C6aUUdviXLQ5D8LgDGRqnjCl1atk5PUW/TN/NGiKB5mFUWyRloFbO4Rmpnl7RanS tFiRScvIjT1B+pkvJlhfzqy41pPXKR7U+8HzPOL5913pKqzybD9W0N6t6w4YvTJ4 c/Mdl/gnlXj64VpnBosgP0C4GOizmU3Sh13OEVpxN3e+5Wfww8OvkB3X7JGQJm27 JXBn8rsHx8iBq+XlA4BUajc6WNe0IylnO4tEmO2X/eN5G5Ze8IrBarwN9dgD+MUd Fld+Q+wyioFmC4yucZviXTCBFQhx3vSHYtEJ8VUw4qlGMNZp96v3PniqdHoO5MPa hJHDFBAjbUm2TlQjpRkcw== X-Virus-Scanned: amavisd-new at iris.zentaur.org Received: from iris.zentaur.org ([127.0.0.1]) by iris.zentaur.org (iris.zentaur.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xYT_IHYonZ6o for ; Sun, 6 Nov 2022 00:25:09 +0000 (UTC) Received: from [192.168.72.136] (unknown [136.50.213.220]) by iris.zentaur.org (Postfix) with ESMTPSA id 4N4ZrP1J8pz3wZb for ; Sun, 6 Nov 2022 00:25:09 +0000 (UTC) Content-Type: multipart/mixed; boundary="------------8TGUX0PkWLiyOKhyNRrjlqb5" Message-ID: <7b444142-00f7-4b03-be95-068b9b476c53@zentaur.org> Date: Sat, 5 Nov 2022 19:24:50 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.3 Subject: [PATCH} Re: I think I found a serious bug in zstrtoul_underscore Content-Language: en-US To: zsh-workers@zsh.org References: <6d9ab07d-680a-f717-d9ba-8d3519311eb0@zentaur.org> From: Clinton Bunch In-Reply-To: <6d9ab07d-680a-f717-d9ba-8d3519311eb0@zentaur.org> X-Antivirus: Avast (VPS 221105-6, 11/5/2022), Outbound message X-Antivirus-Status: Clean X-Seq: 50879 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: This is a multi-part message in MIME format. --------------8TGUX0PkWLiyOKhyNRrjlqb5 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable On 11/5/2022 6:41 PM, Clinton Bunch wrote: > On 11/5/2022 5:13 PM, Clinton Bunch wrote: >> On 11/5/2022 4:57 PM, Clinton Bunch wrote: >>> This is how I'm calling it: >>> >>> if (!zstrtoul_underscore(OPT_ARG(ops, 'L'), &lower)) { >>> >> I've verified this on FreeBSD 13.1 and Solaris 11.4 as well, so=20 >> unless I'm calling it wrong, this seems like a serious bug. >> >> > Apparently the problem is with argument handling.=C2=A0 Zsh appears to=20 > interpret a negative number as another option (but doesn't error with=20 > unknown option) but=C2=A0 I get the same seg-fault when I don't specify= an=20 > argument to -L as when I specify a negative number. > > OPT_ARG_SAFE seems to prevent the seg-fault at that point, but I still=20 > get one in zstrtoul_underscore.=C2=A0 It seems like specifying that -L=20 > accepts an argument (specifically a number) should cause it to throw=20 > an error at argument parse time rather than at recovering the argument. > > I see now my mistake in the options segment of bintab, ":%" specifies an=20 *optional* numeric argument.=C2=A0=C2=A0 Removing the % makes it fail cor= rectly.=C2=A0=20 Which leads to the question why would there be an optional numeric=20 argument specification, but not a mandatory numeric argument specificatio= n? Though it did uncover a pathological case that caused a catastrophic=20 failure in zstrtoul_underscore.=C2=A0 It doesn't check that s is null bef= ore=20 it starts trying to convert.=C2=A0 I've attached the trivial patch. --------------8TGUX0PkWLiyOKhyNRrjlqb5 Content-Type: text/plain; charset=UTF-8; name="zstrtoul_underscore-NULL.patch" Content-Disposition: attachment; filename="zstrtoul_underscore-NULL.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL1NyYy91dGlscy5jIGIvU3JjL3V0aWxzLmMKaW5kZXggZWRmNWQzZGY3 Li5lZGU3YjdhZjYgMTAwNjQ0Ci0tLSBhL1NyYy91dGlscy5jCisrKyBiL1NyYy91dGlscy5j CkBAIC0yNDgxLDYgKzI0ODEsOSBAQCB6c3RydG91bF91bmRlcnNjb3JlKGNvbnN0IGNoYXIg KnMsIHp1bG9uZyAqcmV0dmFsKQogewogICAgIHp1bG9uZyBjYWxjID0gMCwgbmV3Y2FsYyA9 IDAsIGJhc2U7CiAKKyAgICBpZiAoIXMpCisJcmV0dXJuIDA7CisKICAgICBpZiAoKnMgPT0g JysnKQogCXMrKzsKIAo= --------------8TGUX0PkWLiyOKhyNRrjlqb5--