${(qP)${var}} causes core dump

${(qP)${var}} causes core dump

[Tanaka Akira]

zsh dumps core as follows.

Z(2):akr@is27e1u11% Src/zsh -f
is27e1u11% var=a
is27e1u11% a=(\* \*)
is27e1u11% print -lr ${(qP)${var}}
\*
\*
is27e1u11% print -lr ${(qP)${var}}
zsh: segmentation fault (core dumped)  Src/zsh -f

(gdb) where
#0  0xa2638 in bslashquote (s=0xd72a0 '\\' <repeats 200 times>..., e=0x0, instring=0) at utils.c:3103
#1  0x933c8 in paramsubst (l=0xd71e8, n=0xd7230, str=0xffbeef04, qt=0, ssub=0) at subst.c:1657
#2  0x8bc38 in stringsubst (list=0xd71e8, node=0xd7230, ssub=0) at subst.c:122
#3  0x8b84c in prefork (list=0xd71e8, flags=0) at subst.c:71
#4  0x3318c in execcmd (cmd=0xd7120, input=0, output=0, how=2, last1=2) at exec.c:1528
#5  0x312e0 in execpline2 (pline=0xd71c8, how=2, input=0, output=0, last1=0) at exec.c:1062
#6  0x3040c in execpline (l=0xd7108, how=2, last1=0) at exec.c:875
#7  0x2fd34 in execlist (list=0xd71d8, dont_change_job=0, exiting=0) at exec.c:744
#8  0x4f22c in loop (toplevel=1, justonce=0) at init.c:145
#9  0x1b160 in main (argc=2, argv=0xffbef46c) at ./main.c:89
-- 
Tanaka Akira

Re: ${(qP)${var}} causes core dump

[Peter Stephenson]

Tanaka Akira wrote:
> zsh dumps core as follows.
> 
> Z(2):akr@is27e1u11% Src/zsh -f
> is27e1u11% var=a
> is27e1u11% a=(\* \*)
> is27e1u11% print -lr ${(qP)${var}}
> \*
> \*
> is27e1u11% print -lr ${(qP)${var}}
> zsh: segmentation fault (core dumped)  Src/zsh -f

The problem seems to be that paramsubst() is setting `copied = 1' after
retrieving the inner expression.  However, the value is then fetched for
the resulting parameter name `a', and it's only at that point one should
take account of whether the value has been copied.  Hence it was
erroneously operating directly on the value stored in the array.

Note that you can actually get away with ${(qP)var}, because the shell has
already been told of the inner lookup.

The following is safe, but Sven can probably tell us if converting the
unconditional assignment to
  if (!aspar)
      copied = 1;
would be better.

Index: Src/subst.c
===================================================================
RCS file: /home/pws/CVSROOT/projects/zsh/Src/subst.c,v
retrieving revision 1.2
diff -u -r1.2 subst.c
--- Src/subst.c	1999/12/03 19:12:11	1.2
+++ Src/subst.c	2000/01/09 18:36:23
@@ -1022,7 +1022,6 @@
 	    aspar = 0;
 	} else if (aspar)
 	    idbeg = val;
-	copied = 1;
 	*s = sav;
 	while (INULL(*s))
 	    s++;

-- 
Peter Stephenson <pws@pwstephenson.fsnet.co.uk>

Re: ${(qP)${var}} causes core dump

[Sven Wischnowsky]

Peter Stephenson wrote:

> Tanaka Akira wrote:
> > zsh dumps core as follows.
> > 
> > Z(2):akr@is27e1u11% Src/zsh -f
> > is27e1u11% var=a
> > is27e1u11% a=(\* \*)
> > is27e1u11% print -lr ${(qP)${var}}
> > \*
> > \*
> > is27e1u11% print -lr ${(qP)${var}}
> > zsh: segmentation fault (core dumped)  Src/zsh -f
> 
> The problem seems to be that paramsubst() is setting `copied = 1' after
> retrieving the inner expression.  However, the value is then fetched for
> the resulting parameter name `a', and it's only at that point one should
> take account of whether the value has been copied.  Hence it was
> erroneously operating directly on the value stored in the array.
> 
> Note that you can actually get away with ${(qP)var}, because the shell has
> already been told of the inner lookup.
> 
> The following is safe, but Sven can probably tell us if converting the
> unconditional assignment to
>   if (!aspar)
>       copied = 1;
> would be better.

It might save a little bit of memory but when thinking about possible
future changes, I think I prefer the unconditional assignment.

Bye
 Sven


--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de