zsh-workers
From: Eduardo Bustamante <dualbus@gmail.com>
To: zsh-workers@zsh.org
Cc: "Eduardo A. Bustamante López" <dualbus@gmail.com>
Subject: Zsh parser segmentation fault in strcatsub
Date: Mon, 15 May 2017 16:30:52 -0500
Message-ID: <CAOSMAuuUiTz_3ih-b6TYnZYnevs+eYgOkXHjLY6oOTtCmQOWfg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 5044 bytes --]

dualbus@debian:~/bash-fuzzing/zsh-parser$ base64 strcatsub
JCQwMDAwJHsoZTB6KV5ZLTAwMCR7KHopXlktMDA+AAoKCgp7MDAwMDAwfTB9MAowMH0keyUwMDAw
MDAwMDAwADAwMDAwMDAwMDAwMDAwADAwMDAwMDAwMDAwMDAwMDCKMDAwMDAwljAwlTAwMDCWlo0w
MDAwMDAwJHsoZnpmTGwwMjAwb05OgD8+JjmioqKioqIvL6KAPzBCMG1wcjAyMDAloo6iopeiT40p
M29OMGlPMCljMDAwJTAwMDAwMDAwMDAwMH2hMACHMDAwMDAwljAwh4cwMDAwMDAAMDAwMDAwMJYw
MId9MDA=

Core was generated by `/home/dualbus/src/zsh/zsh/Src/zsh -nv strcatsub'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __strcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:235
235     ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __strcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:235
#1  0x00000000004c12ab in strcatsub (d=0x7fff6a5f47b8,
    pb=0x7fa742ad6bed
"0\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl020000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\066\071\060\060\060\060\060\060\205\217%0000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl0200000"...,
    pe=0x7fa742ad6c38
"0\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\066\071\060\060\060\060\060\060\205\217%0000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl020000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\066\071\060\060\060"...,
    src=0x7fa742ac7128 "69000000\205\217%0000000000\203 ", '0'
<repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl020000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\066\071\060\060\060\060\060\060\205\217%0000000000\203
000000"..., l=224,
    s=0x7fa742ad6c93
"\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl020000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\066\071\060\060\060\060\060\060\205\217%0000000000\203
", '0' <repeats 14 times>, "\203 ", '0' <repeats 16 times>,
"\203\252\060\060\060\060\060\060\203\266\060\060\203\265\060\060\060\060\203\266\203\266\203\255\060\060\060\060\060\060\060\205\217\210fzfLl02"...,
glbsub=0, copied=1) at subst.c:738
#2  0x00000000004bf1ad in paramsubst (l=0x7fff6a5f53b0, n=0x7fff6a5f5398, str=0x7fff6a5f4d70, qt=0, pf_flags=4,
    ret_flags=0x7fff6a5f534c) at subst.c:4031
#3  0x00000000004b5083 in stringsubst (list=0x7fff6a5f53b0, node=0x7fff6a5f5398, pf_flags=4, ret_flags=0x7fff6a5f534c, asssub=0)
    at subst.c:247
#4  0x00000000004b4435 in prefork (list=0x7fff6a5f53b0, flags=4, ret_flags=0x7fff6a5f534c) at subst.c:85
#5  0x00000000004b5abc in singsub (s=0x7fff6a5f5c08) at subst.c:430
#6  0x00000000004bb85b in paramsubst (l=0x7fff6a5f6390, n=0x7fa742ad6cc8, str=0x7fff6a5f5d40, qt=0, pf_flags=0,
    ret_flags=0x7fff6a5f631c) at subst.c:3011
#7  0x00000000004b5083 in stringsubst (list=0x7fff6a5f6390, node=0x7fa742ad6cc8, pf_flags=0, ret_flags=0x7fff6a5f631c, asssub=0)
    at subst.c:247
#8  0x00000000004b4435 in prefork (list=0x7fff6a5f6390, flags=0, ret_flags=0x7fff6a5f631c) at subst.c:85
#9  0x0000000000440df5 in execcmd_getargs (preargs=0x7fa742ad37c8, args=0x7fa742ad3688, expand=1) at exec.c:2659
#10 0x000000000043c1eb in execcmd_exec (state=0x7fff6a5f8230, eparams=0x7fff6a5f70f0, input=0, output=0, how=18, last1=2)
    at exec.c:2765
#11 0x000000000043b804 in execpline2 (state=0x7fff6a5f8230, pcode=131, how=18, input=0, output=0, last1=0) at exec.c:1873
#12 0x0000000000433f6e in execpline (state=0x7fff6a5f8230, slcode=3074, how=18, last1=0) at exec.c:1602
#13 0x0000000000432dfe in execlist (state=0x7fff6a5f8230, dont_change_job=0, exiting=0) at exec.c:1360
---Type <return> to continue, or q <return> to quit---
#14 0x000000000043277e in execode (p=0x7fa742ad3528, dont_change_job=0, exiting=0, context=0x4d9274 "toplevel") at exec.c:1141
#15 0x000000000045e366 in loop (toplevel=1, justonce=0) at init.c:208
#16 0x0000000000462846 in zsh_main (argc=3, argv=0x7fff6a5f8858) at init.c:1692
#17 0x0000000000411a32 in main (argc=3, argv=0x7fff6a5f8858) at ./main.c:93

[-- Attachment #2: strcatsub --]
[-- Type: application/octet-stream, Size: 233 bytes --]

Thread overview: 8+ messages
2017-05-15 21:30 Eduardo Bustamante [this message]
2017-05-16  0:48 ` Bart Schaefer
2017-05-16  1:36   ` Eduardo Bustamante
2017-05-16  3:38     ` Bart Schaefer
2017-05-17 18:37     ` Bart Schaefer
2017-05-18  2:21       ` Eduardo Bustamante
2017-05-16  8:47   ` Peter Stephenson
2017-05-16 13:30     ` Daniel Shahaf
