Crash on tab completion

Crash on tab completion

[Patrick Hilhorst]

[-- Attachment #1: Type: text/plain, Size: 445 bytes --]

Hello all,

I recently made a typo in my .zshrc that caused tab complete to crash zsh:

alias cpp_check="clang-tidy
-checks=\"-*,cppcoreguidelines-*,clang-analyzer-*,misc-*,modernize-*,performance-*,readability-*"

I presume this is because it tries to expand all asterisks. If any more
documentation is required, you can reach me at this address, since I’m not
subscribed to this mailing list.


Cheers,

Patrick Hilhorst
​

Re: Crash on tab completion

[Bart Schaefer]

On Mon, Sep 5, 2016 at 3:42 AM, Patrick Hilhorst
<patrickhilhorst97@gmail.com> wrote:
> Hello all,
>
> I recently made a typo in my .zshrc that caused tab complete to crash zsh:
>
> alias cpp_check="clang-tidy
> -checks=\"-*,cppcoreguidelines-*,clang-analyzer-*,misc-*,modernize-*,performance-*,readability-*"
>
> I presume this is because it tries to expand all asterisks. If any more
> documentation is required, you can reach me at this address, since I’m not
> subscribed to this mailing list.


% cpp_check  zle_tricky.c:658: BUG: 0 <= wb (-86) <= zlemetacs (9) <=
we (9) is not true!
BUG: substring ends in the middle of a metachar in ztrsub()


The "BUG: substring ..." line repeats 16 times and then zsh crashes.
Happens with the latest build from the repository.  Doesn't have
anything to do with the glob characters, it's all because of the
un-terminated double-quote in the expansion of the alias.  Also
crashes when compsys is NOT loaded, but without ever printing the
second BUG: line.  Seems to be because wb is computed with the alias
expanded, but then the alias is unwound before trying to update the
command line.

Re: Crash on tab completion

[Peter Stephenson]

On Mon, 5 Sep 2016 10:18:57 -0700
Bart Schaefer <schaefer@brasslantern.com> wrote:
> On Mon, Sep 5, 2016 at 3:42 AM, Patrick Hilhorst
> <patrickhilhorst97@gmail.com> wrote:
> > alias cpp_check="clang-tidy
> > -checks=\"-*,cppcoreguidelines-*,clang-analyzer-*,misc-*,modernize-*,performance-*,readability-*"
>
> % cpp_check  zle_tricky.c:658: BUG: 0 <= wb (-86) <= zlemetacs (9) <=
> we (9) is not true!
> BUG: substring ends in the middle of a metachar in ztrsub()
>
> Seems to be because wb is computed with the alias
> expanded, but then the alias is unwound before trying to update the
> command line.

Yes, it's the setting of wordbeg in gettok() which makes it a large
number, presumably from the aliased version, whereas when wordebg is
assigned back as difference against zlemetall, the corresponding line
length, that'ss short because it isn't.  So wb is off the start of the
string and mayhem results.

I wonder if the answer to this particular question is as simple as the
following?  This same test is used elswhere in lex.c.

I'm not that worried about making this completion completely sane, more
about fixing the crash and associated index problems.

pws

diff --git a/Src/lex.c b/Src/lex.c
index 6b20e14..e0935bf 100644
--- a/Src/lex.c
+++ b/Src/lex.c
@@ -613,7 +613,7 @@ gettok(void)
     if (lexstop)
 	return (errflag) ? LEXERR : ENDINPUT;
     isfirstln = 0;
-    if ((lexflags & LEXFLAGS_ZLE))
+    if ((lexflags & LEXFLAGS_ZLE) && !(inbufflags & INP_ALIAS))
 	wordbeg = inbufct - (qbang && c == bangchar);
     hwbegin(-1-(qbang && c == bangchar));
     /* word includes the last character read and possibly \ before ! */

Re: Crash on tab completion

[Bart Schaefer]

On Mon, Sep 5, 2016 at 1:27 PM, Peter Stephenson
<p.w.stephenson@ntlworld.com> wrote:
>
> I wonder if the answer to this particular question is as simple as the
> following?  This same test is used elswhere in lex.c.
>
> -    if ((lexflags & LEXFLAGS_ZLE))
> +    if ((lexflags & LEXFLAGS_ZLE) && !(inbufflags & INP_ALIAS))

This does stop the crash, at least under the conditions of the
original bug report.