From: Bart Schaefer
Date: Sat, 4 Jul 2020 13:20:26 -0700
Subject: Re: [BUG] Zsh crashes when using autocomplete because of memory unsafety (double free)
To: "zsh-workers@zsh.org"
List-Id: Zsh Workers List
X-Seq: 46180

On Sun, Jun 28, 2020 at 8:48 PM Bart Schaefer wrote:
>
> So the patch is sort of on the right track, but still not the whole
> story. Turning this back over to others, I probably won't have a
> chance to look at it again for a few days.

Spent a little while on this today. This seems to be related to
get_comp_string() and the way completion really wants to remove
quotation marks.
E.g.:

% alias a='echo z'
% alias a=echo\ zsh

When doing complete-in-word after an open-quote AND there are other
characters on the line that have to be backslash-escaped in order to
remove the quotes, the process of updating the line becomes confused.

For example, starting from:

% alias a="echo foo bar

Complete-in-word after "echo" crashes, and after "foo" produces the
"expect x at offset" debugging message. It does seem to require the
collusion of "compset -q" to actually crash it.

The recalculation of where words begin and end leads to mis-indexing.
Again this is as far as I've gotten. If anyone else wants to have a go,
by all means.
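
A simplified model of the offset bookkeeping this message describes, added here as an example; it is not zsh source and not code from the thread. The names requote() and naive_cursor() and the escape set are assumptions, and nothing here models get_comp_string() or "compset -q"; it only shows why a cursor offset has to be remapped character by character when a quote is removed and backslashes are inserted.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical escape set: characters that need a backslash once the
 * surrounding quote is gone. Escapes inside the quotes are not modelled. */
static int needs_escape(char c)
{
    return c != '\0' && strchr(" \t\\'\"$`", c) != NULL;
}

/* Rewrite a word that starts with an open quote into backslash-escaped
 * form and carry a cursor offset across the rewrite. Returns the output
 * length, or -1 if the cursor is out of range or the buffer is too small. */
long requote(const char *in, size_t cursor, char *out, size_t outsz,
             size_t *cursor_out)
{
    size_t n = strlen(in), i, o = 0;
    char q = (n && (in[0] == '\'' || in[0] == '"')) ? in[0] : '\0';

    if (cursor > n || outsz == 0)
        return -1;              /* reject rather than index past the end */
    *cursor_out = 0;
    for (i = 0; i <= n; i++) {
        if (i == cursor)
            *cursor_out = o;    /* record where the cursor lands */
        if (i == n)
            break;
        if (q && in[i] == q)
            continue;           /* quote dropped: output does not advance */
        if (needs_escape(in[i])) {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = '\\';    /* escape added: output advances by two */
        }
        if (o + 1 >= outsz)
            return -1;
        out[o++] = in[i];
    }
    out[o] = '\0';
    return (long)o;
}

/* The shortcut that mis-indexes: assume only the quote was removed. */
size_t naive_cursor(size_t cursor)
{
    return cursor ? cursor - 1 : 0;
}
```

For the constructed input `"echo foo bar`, the shortcut agrees with the remapped offset after "echo" but is one short after "foo", because one backslash has been inserted before that point.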