Segfault in =( ) substitution

zsh-workers
 help / color / mirror / code / Atom feed

From: Vin Shelton <acs@alumni.princeton.edu>
To: zsh-workers@zsh.org
Subject: Segfault in =( ) substitution
Date: Sun, 14 Oct 2012 23:30:28 -0400	[thread overview]
Message-ID: <CACeGjnUhwg+ehAX0CAge+Hye3m7xE6vA-5XCwenf4tTXS7kMtg@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 3410 bytes --]

Greetings -

Starting very recently, I'm getting a core dump from this code:

Contents of ./tst1
#!/opt/build/zsh-2012-10-11/Src/zsh

emulate -LR zsh

file1=/opt/build/xemacs-21.5-2012-10-01/Installation
pat1='s/2012-10-01/2012-10-XXX/g'

diff1=$file1
[[ -n $pat1 ]] && diff1=( =(perl -p -e $pat1 < $file1) )


./tst1
zsh: segmentation fault (core dumped)  ./tst1
legolas [./tst1] ~
            12-10-14 10:15PM
: ~ Sun 14 22:15; gdb /opt/build/zsh-2012-10-11/Src/zsh core.*(om[1])
GNU gdb (GDB) Fedora (7.4.50.20120120-50.fc17)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/build/zsh-2012-10-11/Src/zsh...done.

warning: core file may not match specified executable file.
[New LWP 20029]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/opt/build/zsh-2012-10-11/Src/zsh ./tst1'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000475305 in stringsubst (list=list@entry=0x7f8d5a861440,
node=0x7f8d5a861458,
    pf_flags=pf_flags@entry=0, asssub=asssub@entry=0)
    at ../../../src/zsh-2012-10-11/Src/subst.c:175
175                 restlen = strlen(rest);
Missing separate debuginfos, use: debuginfo-install
gdbm-1.10-2.fc17.x86_64 glibc-2.15-57.fc17.x86_64
ncurses-libs-5.9-4.20120204.fc17.x86_64 pcre-8.21-5.fc17.x86_64
(gdb) bt
#0  0x0000000000475305 in stringsubst (list=list@entry=0x7f8d5a861440,
node=0x7f8d5a861458,
    pf_flags=pf_flags@entry=0, asssub=asssub@entry=0)
    at ../../../src/zsh-2012-10-11/Src/subst.c:175
#1  0x000000000047a95b in prefork (list=list@entry=0x7f8d5a861440, flags=2)
    at ../../../src/zsh-2012-10-11/Src/subst.c:77
#2  0x00000000004251b4 in addvars (state=0x7fffd3e81270, pc=<optimized
out>, addflags=0)
    at ../../../src/zsh-2012-10-11/Src/exec.c:2199
#3  0x000000000042555b in execsimple (state=0x0, state@entry=0x7fffd3e81270)
    at ../../../src/zsh-2012-10-11/Src/exec.c:1097
#4  0x000000000042b965 in execlist (state=state@entry=0x7fffd3e81270,
    dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0)
    at ../../../src/zsh-2012-10-11/Src/exec.c:1243
#5  0x000000000042bf30 in execode (p=p@entry=0x7f8d5a861368,
    dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0,
    context=context@entry=0x4899b1 "toplevel") at
../../../src/zsh-2012-10-11/Src/exec.c:1057
#6  0x000000000043bb21 in loop (toplevel=toplevel@entry=1,
justonce=justonce@entry=0)
    at ../../../src/zsh-2012-10-11/Src/init.c:185
#7  0x000000000043e6cd in zsh_main (argc=<optimized out>, argv=<optimized out>)
    at ../../../src/zsh-2012-10-11/Src/init.c:1616
#8  0x000000000040dfd5 in main (argc=<optimized out>, argv=<optimized out>)
    at ../../../src/zsh-2012-10-11/Src/main.c:93
(gdb) p subst
$1 = <optimized out>
(gdb) p str
$2 = 0x7f8d5a861470 "\213\210perl -p -e $pat1 < $file1\211"
(gdb) p sublen
$3 = 0
(gdb) p rest
$4 = 0x0


It looks like a guard on rest is needed; in case it's just that
simple, a patch is attached.

  - Vin

[-- Attachment #2: d --]
[-- Type: application/octet-stream, Size: 1019 bytes --]

? last_update
Index: ChangeLog
===================================================================
RCS file: /cvsroot/zsh/zsh/ChangeLog,v
retrieving revision 1.5745
diff -a -u -r1.5745 ChangeLog
--- ChangeLog	11 Oct 2012 20:14:01 -0000	1.5745
+++ ChangeLog	15 Oct 2012 03:27:14 -0000
@@ -1,3 +1,7 @@
+2012-10-14  Vin Shelton  <acs@xemacs.org>
+
+	* Src/subst.c: guard against rest being NULL.
+
 2012-10-11  Peter Stephenson  <p.w.stephenson@ntlworld.com>
 
 	* 30726: Doc/Zsh/builtins.yo, Src/builtin.c, Src/exec.c,
Index: Src/subst.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/subst.c,v
retrieving revision 1.139
diff -a -u -r1.139 subst.c
--- Src/subst.c	5 Oct 2012 21:35:06 -0000	1.139
+++ Src/subst.c	15 Oct 2012 03:27:14 -0000
@@ -170,7 +170,9 @@
 		return NULL;
 	    if (!subst)
 		subst = "";
-
+	    if (!rest)
+		rest = "";
+	    
 	    sublen = strlen(subst);
 	    restlen = strlen(rest);
 	    sptr = snew = hcalloc(str3len + sublen + restlen + 1);

next             reply	other threads:[~2012-10-15  3:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-15  3:30 Vin Shelton [this message]
2012-10-15  9:07 ` Peter Stephenson
2012-10-17 19:20 ` Peter Stephenson
2012-10-17 20:16   ` Peter Stephenson
2012-10-18 15:07     ` Bart Schaefer
2012-10-18 15:27       ` Peter Stephenson
2012-12-21  7:57     ` Han Pingtian
2012-12-21  9:01       ` Han Pingtian
2012-12-21  9:51         ` Han Pingtian
2012-12-21 10:34       ` Peter Stephenson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CACeGjnUhwg+ehAX0CAge+Hye3m7xE6vA-5XCwenf4tTXS7kMtg@mail.gmail.com \
    --to=acs@alumni.princeton.edu \
    --cc=zsh-workers@zsh.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).