From: Bart Schaefer
Date: Sun, 28 Jun 2020 20:48:01 -0700
Subject: Re: [BUG] Zsh crashes when using autocomplete because of memory unsafety (double free)
To: "zsh-workers@zsh.org"
List-Id: Zsh Workers List
X-Seq: 46165

On Sun, Jun 28, 2020 at 12:35 PM Bart Schaefer wrote:
>
> Here's the patch again in case HTML mangled it for the previous message:

Sigh, I didn't think it could be this simple.
Now instead of segfaulting with the cursor between the single quote and
the double quote, it segfaults if the cursor is after the double quote:

% alias a='"
16: compcore.c:1678: expecting 'x' at offset -1 of "x""

Program received signal SIGSEGV, Segmentation fault.

Also with completeinword NOT set, the single quote still vanishes in
this case:

% alias a='
% alias a=

So the patch is sort of on the right track, but still not the whole story.

Turning this back over to others, I probably won't have a chance to
look at it again for a few days.