From: Bart Schaefer
Date: Sun, 28 Jun 2020 00:09:02 -0700
Subject: Re: [BUG] Zsh crashes when using autocomplete because of memory unsafety (double free)
To: "zsh-workers@zsh.org"

On Fri, Jun 26, 2020 at 9:24 AM Daniel Shahaf wrote:
>
> tl;dr: I can reproduce two different segfaults here: one of them with
> a minimal reproduction recipe; one with my personal setup, and
> a specific setopt makes it go away.
>

Even more minimal:

% autoload compinit
% compinit -D
% setopt completeinword
% alias a='"

I think it has to do with

  compset -P 1 '*='
  compset -q

If you look at what happens with

% alias a='
% alias a=

Alternately,

% alias a='"
% alias a=\"

So, what's happening is that a=' turns into a=\" and consequently
increases the offset by one, but then when completion fails (because of
the double-quote not matching anything to the right of the cursor) and
the original command line is restored, the new larger offset is applied
to the original a=' string and indexes off the left end.

Having gotten that far, though, I don't know how to fix it.