From: Eduardo Bustamante
Date: Wed, 10 May 2017 09:57:05 -0500
Subject: Re: Zsh parser infinite loop in chuck from utils.c on malformed input
To: Peter Stephenson
Cc: zsh-workers@zsh.org
List-Id: Zsh Workers List
X-Seq: 41093

On Wed, May 10, 2017 at 9:45 AM, Peter Stephenson wrote:
[...]
> The problem is NO_EXEC is all things to all people; in the case of a
> shell there isn't really "just" a syntax check, because it's too
> flexible. The result of a parameter expansion can in some cases have
> a significant effect on what you're doing, in particular if the command
> to execute is part of it. Being able to parse a parameter substitution
> is itself quite an important check; and there's no fundamental
> difference in the code between looking through the parameter
> substitution and changing the arguments based on what you find. The
> name NO_EXEC, rather than, say, SYNTAX_CHECK, is significant.
>
> Adding an additional mode that does even less is certainly possible, but
> not necessarily of very wide applicability.

Oh, I agree.
Take for example:

dualbus@debian:~$ for sh in bash ksh93 mksh dash zsh; do echo $sh $($sh -n <<< 'echo x; ${a$b}' 2>&1); done
bash
ksh93 ksh93: syntax error at line 1: `$' unexpected
mksh
dash
zsh zsh: bad substitution

Only ksh93 and zsh are able to detect the problematic parameter
expansion under noexec.

And I don't think there's enough value in implementing an additional
mode. I can just hack the source to disable the bits that I find
problematic for fuzzing.

Thank you for your answers!