zsh-workers
 help / color / Atom feed
* PATCH: fix a memory leak and potential heap corruption when rotating lines
@ 2019-10-28 11:29 Roman Perepelitsa
  2019-10-28 11:50 ` Mikael Magnusson
  0 siblings, 1 reply; 3+ messages in thread
From: Roman Perepelitsa @ 2019-10-28 11:29 UTC (permalink / raw)
  To: Zsh hackers list

[-- Attachment #1: Type: text/plain, Size: 496 bytes --]

I've bumped into this code accidentally while trying to do something
unrelated. It looks wrong to me although there is a good chance I'm
misreading it. I'm attaching a patch that either fixes two bugs,
introduces two new bugs, or does something in between. I'll appreciate
if someone more experienced can take a look at it.

All test pass with this patch and my zsh seems to work fine. I haven't
verified that this code actually runs either during testing or when
I'm using zsh normally.

Roman.

[-- Attachment #2: fix-rotate-lines.patch.txt --]
[-- Type: text/plain, Size: 793 bytes --]

diff --git a/Src/Zle/zle_refresh.c b/Src/Zle/zle_refresh.c
index 7cc338ab1..85e55e0d4 100644
--- a/Src/Zle/zle_refresh.c
+++ b/Src/Zle/zle_refresh.c
@@ -1652,7 +1652,7 @@ zrefresh(void)
 		zfree(obuf[iln], (winw + 2) * sizeof(**obuf));
 		for (t0 = iln; t0 != olnct; t0++)
 		    obuf[t0] = obuf[t0 + 1];
-		obuf[olnct--] = NULL;
+		obuf[--olnct] = NULL;
 	    }
 	/* don't try to insert a line if olnct = vmaxln (vmaxln is the number
 	   of lines that have been displayed by this routine) so that we don't
@@ -1662,7 +1662,6 @@ zrefresh(void)
 		     obuf[iln] && !ZR_strncmp(obuf[iln], nbuf[iln + 1], 16)) {
 		moveto(iln, 0);
 		tcout(TCINSLINE);
-		zfree(obuf[olnct], (winw + 2) * sizeof(**obuf));
 		for (t0 = olnct; t0 != iln; t0--)
 		    obuf[t0] = obuf[t0 - 1];
 		obuf[iln] = NULL;

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: PATCH: fix a memory leak and potential heap corruption when rotating lines
  2019-10-28 11:29 PATCH: fix a memory leak and potential heap corruption when rotating lines Roman Perepelitsa
@ 2019-10-28 11:50 ` Mikael Magnusson
  2019-10-28 12:04   ` Roman Perepelitsa
  0 siblings, 1 reply; 3+ messages in thread
From: Mikael Magnusson @ 2019-10-28 11:50 UTC (permalink / raw)
  To: Roman Perepelitsa; +Cc: Zsh hackers list

On 10/28/19, Roman Perepelitsa <roman.perepelitsa@gmail.com> wrote:
> I've bumped into this code accidentally while trying to do something
> unrelated. It looks wrong to me although there is a good chance I'm
> misreading it. I'm attaching a patch that either fixes two bugs,
> introduces two new bugs, or does something in between. I'll appreciate
> if someone more experienced can take a look at it.
>
> All test pass with this patch and my zsh seems to work fine. I haven't
> verified that this code actually runs either during testing or when
> I'm using zsh normally.

Did you accidentally sent a reversed patch? That line has been --olnct
since the initial cvs revision.

-- 
Mikael Magnusson

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: PATCH: fix a memory leak and potential heap corruption when rotating lines
  2019-10-28 11:50 ` Mikael Magnusson
@ 2019-10-28 12:04   ` Roman Perepelitsa
  0 siblings, 0 replies; 3+ messages in thread
From: Roman Perepelitsa @ 2019-10-28 12:04 UTC (permalink / raw)
  To: Mikael Magnusson; +Cc: Zsh hackers list

[-- Attachment #1: Type: text/plain, Size: 283 bytes --]

On Mon, Oct 28, 2019 at 12:50 PM Mikael Magnusson <mikachu@gmail.com> wrote:
> Did you accidentally sent a reversed patch?

Oops. Yes, I did.

I'm attaching the proper patch. Link to the same:
https://github.com/zsh-users/zsh/commit/1edb4d235da56e785f85cdc111efdfb9b0753163.

Roman.

[-- Attachment #2: fix-rotate-lines.patch.txt --]
[-- Type: text/plain, Size: 793 bytes --]

diff --git a/Src/Zle/zle_refresh.c b/Src/Zle/zle_refresh.c
index 85e55e0d4..7cc338ab1 100644
--- a/Src/Zle/zle_refresh.c
+++ b/Src/Zle/zle_refresh.c
@@ -1652,7 +1652,7 @@ zrefresh(void)
 		zfree(obuf[iln], (winw + 2) * sizeof(**obuf));
 		for (t0 = iln; t0 != olnct; t0++)
 		    obuf[t0] = obuf[t0 + 1];
-		obuf[--olnct] = NULL;
+		obuf[olnct--] = NULL;
 	    }
 	/* don't try to insert a line if olnct = vmaxln (vmaxln is the number
 	   of lines that have been displayed by this routine) so that we don't
@@ -1662,6 +1662,7 @@ zrefresh(void)
 		     obuf[iln] && !ZR_strncmp(obuf[iln], nbuf[iln + 1], 16)) {
 		moveto(iln, 0);
 		tcout(TCINSLINE);
+		zfree(obuf[olnct], (winw + 2) * sizeof(**obuf));
 		for (t0 = olnct; t0 != iln; t0--)
 		    obuf[t0] = obuf[t0 - 1];
 		obuf[iln] = NULL;

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-28 11:29 PATCH: fix a memory leak and potential heap corruption when rotating lines Roman Perepelitsa
2019-10-28 11:50 ` Mikael Magnusson
2019-10-28 12:04   ` Roman Perepelitsa

zsh-workers

Archives are clonable: git clone --mirror http://inbox.vuxu.org/zsh-workers

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.zsh.workers


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git