From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from math.gatech.edu (euclid.skiles.gatech.edu [130.207.146.50]) by werple.net.au (8.7/8.7.1) with SMTP id MAA19877 for ; Sat, 28 Oct 1995 12:36:02 +1000 (EST) Received: by math.gatech.edu (5.x/SMI-SVR4) id AA11336; Fri, 27 Oct 1995 22:22:41 -0400 Resent-Date: Sat, 28 Oct 1995 03:22:18 +0100 (MET) Old-Return-Path: From: hzoli@cs.elte.hu (Zoltan Hidvegi) Message-Id: <9510280222.AA00233@turan.elte.hu> Subject: Re: 2.6b11-t10: -fwritable-strings (and another completion bug) To: kaefer@aglaia.snafu.de (Thorsten Meinecke) Date: Sat, 28 Oct 1995 03:22:18 +0100 (MET) In-Reply-To: from "Thorsten Meinecke" at Oct 23, 95 00:25:53 am X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: hzoli@cs.elte.hu Resent-Message-Id: <"pDQfW3.0.2n2.nFPam"@euclid> Resent-From: zsh-workers@math.gatech.edu X-Mailing-List: archive/latest/506 X-Loop: zsh-workers@math.gatech.edu Precedence: list Resent-Sender: zsh-workers-request@math.gatech.edu Thorsten Meinecke wrote: > 2) The code that detects if a completed filename is a directory, or > if a completed parameter's content refers to a directory (with > AUTO_PARAM_SLASH/GLOB_SUBST set), has arbitrary limits. Try comple- > tion on a parameter name with more than PATH_MAX chars in length. > Or try it (with AUTO_PARAM_SLASH on) when the parameter's content > is more than PATH_MAX in length: the buffer holding only PATH_MAX > chars will overflow and corrupt the stack. > > I'm fixing that by ncalloc()'ing the buffer with a size sufficient > to hold the parameter, at least PATH_MAX chars. The expanded string, > although it may be longer, will then be truncated at PATH_MAX-1 > chars. That shouldn't make any difference to stat(). Here is an other version of this fix. It is a bit more readable, and also fixes a similar problem in an other piece of code. This patch overrides Thorsten's patch in art. 489, but do not forget, that this also containd patch in art. 293 from Peter which is still necessary. The patch applies to vanilla beta11-test10. Cheers, Zoltan *** 1.2 1995/10/23 22:29:11 --- Src/zle_tricky.c 1995/10/23 22:35:51 *************** *** 3179,3185 **** { char b[PATH_MAX], *p; ! for (p = b; *nam; nam++) if (*nam == '\\' && nam[1]) *p++ = *++nam; else --- 3179,3185 ---- { char b[PATH_MAX], *p; ! for (p = b; p < b + sizeof(b) - 1 && *nam; nam++) if (*nam == '\\' && nam[1]) *p++ = *++nam; else *************** *** 3266,3272 **** if (!(haswhat & HAS_MISC) || (parampre && isset(AUTOPARAMSLASH))) { /* If we have only filenames or we completed a parameter name and auto_param_slash is set, lets see if it is a directory. */ ! char p[PATH_MAX], *ss; struct stat buf; /* Build the path name. */ --- 3266,3272 ---- if (!(haswhat & HAS_MISC) || (parampre && isset(AUTOPARAMSLASH))) { /* If we have only filenames or we completed a parameter name and auto_param_slash is set, lets see if it is a directory. */ ! char *p; struct stat buf; /* Build the path name. */ *************** *** 3277,3302 **** if (parampre) { int pl = strlen(parampre); sprintf(p, "%s%s%s%s", parampre, lpre, str, lsuf); if (pl && p[pl-1] == Inbrace) strcpy(p+pl-1, p+pl); } else if (ic) { sprintf(p, "%c%s%s%s%s%s", ic, ppre, fpre, str, fsuf, psuf); } else ! strcpy(p, str); ! ss = dupstring(p); ! tokenize(ss); ! singsub(&ss); ! strcpy(p, ss); noerrs = ne; ! } else sprintf(p, "%s%s%s%s%s", (prpre && *prpre) ? prpre : "./", fpre, str, fsuf, psuf); /* And do the stat. */ if (!ztat(p, &buf, 0) && (buf.st_mode & S_IFMT) == S_IFDIR) { /* It is a directory, so prepare to add the slash and set --- 3277,3307 ---- if (parampre) { int pl = strlen(parampre); + p = (char *) ncalloc(pl + strlen(lpre) + strlen(str) + + strlen(lsuf) + 1); sprintf(p, "%s%s%s%s", parampre, lpre, str, lsuf); if (pl && p[pl-1] == Inbrace) strcpy(p+pl-1, p+pl); } else if (ic) { + p = (char *) ncalloc(strlen(ppre) + strlen(fpre) + strlen(str) + + strlen(fsuf) + strlen(psuf) + 2); sprintf(p, "%c%s%s%s%s%s", ic, ppre, fpre, str, fsuf, psuf); } else ! p = dupstring(str); ! tokenize(p); ! singsub(&p); noerrs = ne; ! } else { ! p = (char *) ncalloc((prpre ? strlen(prpre) : 0) + strlen(fpre) + ! strlen(str) + strlen(fsuf) + strlen(psuf) + 3); sprintf(p, "%s%s%s%s%s", (prpre && *prpre) ? prpre : "./", fpre, str, fsuf, psuf); + } /* And do the stat. */ if (!ztat(p, &buf, 0) && (buf.st_mode & S_IFMT) == S_IFDIR) { /* It is a directory, so prepare to add the slash and set *************** *** 3549,3555 **** while (*ap) { int t2 = ispattern ? strlen(*ap) : strlen(*ap + off) - boff + 1 + fpl + fsl; ! char pbuf[PATH_MAX], *pb; struct stat buf; /* Build the path name for the stat. */ --- 3554,3560 ---- while (*ap) { int t2 = ispattern ? strlen(*ap) : strlen(*ap + off) - boff + 1 + fpl + fsl; ! char *pb; struct stat buf; /* Build the path name for the stat. */ *************** *** 3562,3568 **** t2 -= off + boff - 1; } else { fprintf(shout, "%s%s%s", fpre, *ap, fsuf); ! sprintf(pb = pbuf, "%s%s%s%s", (prpre && *prpre) ? prpre : "./", fpre, *ap, fsuf); } if (ztat(pb, &buf, 1)) --- 3567,3575 ---- t2 -= off + boff - 1; } else { fprintf(shout, "%s%s%s", fpre, *ap, fsuf); ! pb = (char *) ncalloc((prpre ? strlen(prpre) : 0) + 3 + ! strlen(fpre) + strlen(*ap) + strlen(fsuf)); ! sprintf(pb, "%s%s%s%s", (prpre && *prpre) ? prpre : "./", fpre, *ap, fsuf); } if (ztat(pb, &buf, 1))