From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 3785 invoked from network); 18 Dec 2021 10:46:04 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 18 Dec 2021 10:46:04 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1639824364;
	 b=HLeU/5xBVmUKAlhXHzbDTBwrtgEAVROaPZxjGRMW/zTs+YdOFmzrSeAAZkyGeyPgjRLd2cobef
	  jiOYzTCnPaMQlAmWvEINNysxuQR4x3nJd4d4X86hvg6hYTdWXm75i/06A146fiePXc+Ai42+2m
	  4sHtY94N3J1AOioTc4x6JAFjV60UIlXI04ks+o8BNRv1AU5Fa3gKQ0nAY0JNNfhV05/RcRERqf
	  tsTxMJOWZRlaM2ISHdPHGUPt418yPxxGWzusBTqclit0XTNK6K2CRX6zCl01EhDy0/4he9+ppb
	  7CDf8l4zqZDSO5jbKqcPt0Cthh5rzSkWkV3UB82T5FX0mQ==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (mail-wm1-f45.google.com) smtp.remote-ip=209.85.128.45;
	dkim=pass header.d=gmail.com header.s=20210112 header.a=rsa-sha256;
	dmarc=pass header.from=gmail.com;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1639824364;
	bh=tdJ2CKbQsQd/+OXAXNUIHyVY+prl5AxdtzOAEXlElaE=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:
	  References:MIME-Version:DKIM-Signature:DKIM-Signature;
	b=hiUFAx3NLtZ3Y6t5UJBMyFI3Bf3NRHwk7tXH+iEfxJ+YGixo9Rs8UtGfJkoSJ0zegGK7vunwC9
	  zrRYEGFUDnCn+oZc85xzxCTKTOkt/rDQrnVJ6JtdAdZ+JJIrt/STOK2a8YZtExjrw1A5hwb8AT
	  Lh5uaRfdRBSfEdSnYQmqrF7Sf6yUE66uu1FrSLUDGVnkT1fmCBnOx4pLehSQ8fjwiqCyc/zEqz
	  3sVlesssM4RiCPUEaM/4OPxasXQjdxmnDjIyhotVslLezHGmvXssONvL6v1KbUhmLVpe45rkns
	  Im+irIp1cct7ADtQgXtWf8RmLk00T8MtD2sgacnKGMFEgw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID
	:Date:From:In-Reply-To:References:MIME-Version:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=qQAJ8JJNo5IOTkHm9Brk4ztvAilCh/FtCYBZm6FPBA8=; b=OnIdx2V3OeHrrHMJLZ1/50mfGR
	IjglclMOC2katOuro+2mOBZuYRRqBGfPVgMI0tFPOr3MoV3aChTKRUTdtULaUGEhYvkKCGZ8Z3E70
	e7Ywz4N4fuN/qjMF+scWlZJnsATdbsv2a430oaF1y3qDuOmqlPp4JhHCxb37BFOjy6WnLRkfKPa3m
	DAXTeHVHkKankpmmNKb6qTIhOEWT8095rnN24R04qcpA6p6TroJIsZz2PvErZJiRIaaDM37Po6DkE
	C4Nt5WqfPcRFzP+7i5AJiCBmSW3WCH0kDkJIpk0EP7dvlgVmQLWbI+NYdoTuRrQh4DugOpkJjikTJ
	LlPv5mRQ==;
Received: from authenticated user by zero.zsh.org with local 
	id 1myXE3-000N2v-LW; Sat, 18 Dec 2021 10:46:03 +0000
Authentication-Results: zsh.org;
	iprev=pass (mail-wm1-f45.google.com) smtp.remote-ip=209.85.128.45;
	dkim=pass header.d=gmail.com header.s=20210112 header.a=rsa-sha256;
	dmarc=pass header.from=gmail.com;
	arc=none
Received: from mail-wm1-f45.google.com ([209.85.128.45]:38501)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128)
	id 1myX9z-000MSF-7o; Sat, 18 Dec 2021 10:41:52 +0000
Received: by mail-wm1-f45.google.com with SMTP id p36-20020a05600c1da400b003457428ec78so4591587wms.3;
        Sat, 18 Dec 2021 02:41:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=qQAJ8JJNo5IOTkHm9Brk4ztvAilCh/FtCYBZm6FPBA8=;
        b=ga9PatavboyJANJ96K1JGkeyXDtA0VtuLIm8gkOa1NmF5flMHfqZuulZOdUuMYtrTS
         DDFeleesA+VZlfYF1aROoHnR5ZcRAP2VeVXjcz6vYKv/9rSeNgLFPQ/NIAUZxlu3nFOQ
         X1GsekmHkGQh/FlQcVVagR8R9V6yoRhYxIwuaTuRHJmifQA+b89gp4lMuZwVu1ZKv3SA
         HT43PaMuLQQBYMKpVh+vbNfC9keAFDrUNduB4VB8uemalPkOYDkqYAyrTcuB7WkZf/4Q
         QhAouoCKrPLeU/5cB2HL4gDYSBhjaalp+Ua62SWe+S6Uh5jCqQRY4h8xVNJPXx1PAId6
         PUNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=qQAJ8JJNo5IOTkHm9Brk4ztvAilCh/FtCYBZm6FPBA8=;
        b=icng0CAni4FJ2r+YINimNxTvfiXUG1jhIpLRRdQjGJqsO5kdcwpcTq9gpzEq07BxPT
         +5quUNcU48Ka0Ep0GSfaJ5kfcRmGY+cghiM6tO1nnuYp/+3/JbXt9Bhf262KWc9K3bPS
         Uv+RlkDDdP/m+fphzp4V+JnNxA8oBObT6uZpdTuRD1yT1W9UvBP8NuifM+WjtQ54QqU1
         beOC0JA8ZeBJIkCJOULgvzel6EBLRGH8+6vUh2Zvztj8PPNbh/LJB9tBoHZak3GPVznC
         Q/o39S4/hSKGEYBXZ4aRkdcQx12WmSGOAE4E4XTpX8778dEnlYwYglcGTE/q3VBfPxFA
         5r/Q==
X-Gm-Message-State: AOAM530bgou754UpmR1YgDkTLVtNDTVTM3hPb0U+/BVa/rKwwnTI64i/
	bC6WIo3TEc/6vrFRSrQQB4FsM4BAMuKYiF9SuOeueeuhKCw=
X-Google-Smtp-Source: ABdhPJwkoZie4UawaLr6dNqvNMoJ0RtsVHAWgTKA7Ozm5F8mfpE4grJquRYNrJnBvx8G5p6068RuyXJ3M95XaTXPqVc=
X-Received: by 2002:a05:600c:c7:: with SMTP id u7mr6250005wmm.85.1639824110454;
 Sat, 18 Dec 2021 02:41:50 -0800 (PST)
MIME-Version: 1.0
References: <CACeGjnWz=vjtE+cZWpzUtcCCRejjsa9rz_026wgt8vQ85UmsNg@mail.gmail.com>
 <CAH+w=7aMPFXQZvp=ykmsjDu=SRg6DXiFBaEoX9khAycTybxpCQ@mail.gmail.com>
 <CAH+w=7aTTRGg0B4UtbLL8Jc3UTEB9Ea1i8MDiUxaSrcYYEeriA@mail.gmail.com>
 <14951-1639612623.711910@AY72.mNNn.Pl2F> <CACeGjnWKB7OCUhtwFgPrhSdg4OLL-EmdmAwXVMZunPdSgC=h4w@mail.gmail.com>
In-Reply-To: <CACeGjnWKB7OCUhtwFgPrhSdg4OLL-EmdmAwXVMZunPdSgC=h4w@mail.gmail.com>
From: Zach Riggle <zachriggle@gmail.com>
Date: Sat, 18 Dec 2021 04:41:39 -0600
Message-ID: <CAMP9c5k0PAZYzH=sdREAofs+bT6auG4qawZ+wxdZTodvy-q4rw@mail.gmail.com>
Subject: Re: segfault in 'ls' completion
To: Vin Shelton <acs@alumni.princeton.edu>
Cc: Oliver Kiddle <opk@zsh.org>, Bart Schaefer <schaefer@brasslantern.com>, 
	"Zsh Hackers' List" <zsh-workers@zsh.org>
Content-Type: text/plain; charset="UTF-8"
X-Seq: 49656
Archived-At: <https://zsh.org/workers/49656>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <mailto:sympa@zsh.org?subject=help>
List-Subscribe: <mailto:sympa@zsh.org?subject=subscribe%20zsh-workers>
List-Unsubscribe: <mailto:sympa@zsh.org?subject=unsubscribe%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>

Has anybody actually tried running ZSH with memory safety options
enabled (e.g. Address Sanitizer)?

I assume there is a test suite available to run -- I can build Zsh
from source, but I'm not sure the "right" way to build the tests.

I've subscribed to the zsh-devel mailing list as I expect this is
better suited for that ML.

Zach Riggle

On Wed, Dec 15, 2021 at 9:41 PM Vin Shelton <acs@alumni.princeton.edu> wrote:
>
> Stops the segfault, and generates a conforming list.
>
> Thanks,
>   Vin
>
> On Wed, Dec 15, 2021 at 6:57 PM Oliver Kiddle <opk@zsh.org> wrote:
>>
>> Bart Schaefer wrote:
>> >     I was able to reproduce this
>>
>> I couldn't initially but as you could, I thought I'd better try again.
>>
>> > reverted to revision e40938c128 (before the workers/49499 changes to
>> > computil.c) and was no longer able to reproduce in that version, but that does
>> > also revert some changes to _arguments.
>>
>> It actually seems it was 49518 / 7cb980b which was only applied
>> yesterday having been posted in October and forgotten. I had a nagging
>> suspicion that I needed to further check over that. My mistake was
>> mixing up hex and decimal when looking at the ASCII table to work out
>> how to rearrange the single character option letters within the lookup
>> array. 20 should have been 0x20 or 32.
>>
>> 'y' appears before the tab and the word starts with something that isn't
>> '-'. So it uses the + options offset which are later and as y is within
>> the difference between decimal and hex 20 from the end of the characters
>> this caused it index beyond the end of the array.
>>
>> Following this, I also wondered what it's doing strcmping '/usr/libpy'
>> against every possible ls option. That's nothing new. Note that
>> _arguments only lets you start options with - or + and we check for
>> those explicitly in a few places. I think it's worth optimising this
>> away. The check could perhaps be factored into ca_get_opt() and
>> ca_get_sopt() ?
>>
>> If someone has a moment, please check that the calculation in
>> single_index() makes sense. The array is allocated as
>>   ret->single = (Caopt *) zalloc(188 * sizeof(Caopt));
>>
>> Oliver
>>
>> diff --git a/Src/Zle/computil.c b/Src/Zle/computil.c
>> index c49d688c8..59abb4cc4 100644
>> --- a/Src/Zle/computil.c
>> +++ b/Src/Zle/computil.c
>> @@ -1088,10 +1088,10 @@ bslashcolon(char *s)
>>  static int
>>  single_index(char pre, char opt)
>>  {
>> -    if (opt <= 20 || opt > 0x7e)
>> +    if (opt <= 0x20 || opt > 0x7e)
>>         return -1;
>>
>> -    return opt + (pre == '-' ? -21 : 94 - 21);
>> +    return opt + (pre == '-' ? -0x21 : 94 - 0x21);
>>  }
>>
>>  /* Parse an argument definition. */
>> @@ -2158,7 +2158,8 @@ ca_parse_line(Cadef d, Cadef all, int multi, int first)
>>
>>         /* See if it's an option. */
>>
>> -       if (state.opt == 2 && (state.curopt = ca_get_opt(d, line, 0, &pe)) &&
>> +       if (state.opt == 2 && (*line == '-' || *line == '+') &&
>> +           (state.curopt = ca_get_opt(d, line, 0, &pe)) &&
>>             (state.curopt->type == CAO_OEQUAL ?
>>              (compwords[cur] || pe[-1] == '=') :
>>              (state.curopt->type == CAO_EQUAL ?
>> @@ -2206,6 +2207,7 @@ ca_parse_line(Cadef d, Cadef all, int multi, int first)
>>                 state.curopt = NULL;
>>             }
>>         } else if (state.opt == 2 && d->single &&
>> +                  (*line == '-' || *line == '+') &&
>>                    ((state.curopt = ca_get_sopt(d, line, &pe, &sopts)) ||
>>                     (cur != compcurrent && sopts && nonempty(sopts)))) {
>>             /* Or maybe it's a single-letter option? */