* [BUG] Segfault unmetafying empty string
From: dana @ 2018-12-21 16:58 UTC (permalink / raw)
To: Zsh workers
This crashes the shell for me on 5.4.2 and master:
  % compdef _foo foo
  % _foo() { local -a x; : <<< ${(F)x/y} }
  % foo <TAB>
(For some reason I can only replicate it during completion; idk why)
It seems like it's touching read-only memory trying to unmetafy an empty
string. Not sure where's best to deal with that.
dana
#0 0x000055b20caa9460 in unmetafy (s=0x55b20cabddda "", len=0x7fff1e0485a0)
    at utils.c:4836
#1 0x000055b20ca23eb7 in getherestr (fn=0x7f124bbb2248) at exec.c:4514
#2 0x000055b20ca2145b in execcmd_exec (state=0x7fff1e048e30,
    eparams=0x7fff1e048a50, input=0, output=0, how=18, last1=2,
    close_if_forked=-1) at exec.c:3631
#3 0x000055b20ca1c7e6 in execpline2 (state=0x7fff1e048e30, pcode=67, how=18,
    input=0, output=0, last1=0) at exec.c:1927
#4 0x000055b20ca1b39c in execpline (state=0x7fff1e048e30, slcode=6146,
    how=18, last1=0) at exec.c:1658
#5 0x000055b20ca1a63f in execlist (state=0x7fff1e048e30, dont_change_job=1,
    exiting=0) at exec.c:1413
#6 0x000055b20ca19c7a in execode (p=0x55b20e865930, dont_change_job=1,
    exiting=0, context=0x55b20cab3042 "shfunc") at exec.c:1192
#7 0x000055b20ca282c5 in runshfunc (prog=0x55b20e865930, wrap=0x0,
    name=0x7f124bbb2168 "_foo") at exec.c:5974
#8 0x00007f124bfe4ebf in comp_wrapper (prog=0x55b20e865930, w=0x0,
    name=0x7f124bbb2168 "_foo") at complete.c:1524
#9 0x000055b20ca280a8 in runshfunc (prog=0x55b20e865930,
    wrap=0x7f124c203de0 <wrapper>, name=0x7f124bbb2168 "_foo") at exec.c:5958
#10 0x000055b20ca2788b in doshfunc (shfunc=0x55b20e8b7bf0,
    doshargs=0x7f124bbb6ba8, noreturnval=0) at exec.c:5824
* Re: [BUG] Segfault unmetafying empty string
From: Peter Stephenson @ 2018-12-24 14:35 UTC (permalink / raw)
To: zsh-workers
On my mobile at the moment, but the safe fix for this is a dupstring near the top of sepjoin if *s is null and heap is true - we already use ztrdup in the other case so this looks obvious. I'll commit it in the new year if no one has.
pws
On 21 December 2018 16:58:02 GMT, dana <dana@dana.is> wrote:
>This crashes the shell for me on 5.4.2 and master:
>
> % compdef _foo foo
> % _foo() { local -a x; : <<< ${(F)x/y} }
> % foo <TAB>
>
>(For some reason i can only replicate it during completion; idk why)
>
>It seems like it's touching read-only memory trying to unmetafy an
>empty
>string. Not sure where's best to deal with that
>
>dana
>
>
>#0 0x000055b20caa9460 in unmetafy (s=0x55b20cabddda "",
>len=0x7fff1e0485a0)
> at utils.c:4836
>#1 0x000055b20ca23eb7 in getherestr (fn=0x7f124bbb2248) at exec.c:4514
>#2 0x000055b20ca2145b in execcmd_exec (state=0x7fff1e048e30,
> eparams=0x7fff1e048a50, input=0, output=0, how=18, last1=2,
> close_if_forked=-1) at exec.c:3631
>#3 0x000055b20ca1c7e6 in execpline2 (state=0x7fff1e048e30, pcode=67,
>how=18,
> input=0, output=0, last1=0) at exec.c:1927
>#4 0x000055b20ca1b39c in execpline (state=0x7fff1e048e30, slcode=6146,
> how=18, last1=0) at exec.c:1658
>#5 0x000055b20ca1a63f in execlist (state=0x7fff1e048e30,
>dont_change_job=1,
> exiting=0) at exec.c:1413
>#6 0x000055b20ca19c7a in execode (p=0x55b20e865930, dont_change_job=1,
> exiting=0, context=0x55b20cab3042 "shfunc") at exec.c:1192
>#7 0x000055b20ca282c5 in runshfunc (prog=0x55b20e865930, wrap=0x0,
> name=0x7f124bbb2168 "_foo") at exec.c:5974
>#8 0x00007f124bfe4ebf in comp_wrapper (prog=0x55b20e865930, w=0x0,
> name=0x7f124bbb2168 "_foo") at complete.c:1524
>#9 0x000055b20ca280a8 in runshfunc (prog=0x55b20e865930,
>wrap=0x7f124c203de0 <wrapper>, name=0x7f124bbb2168 "_foo") at
>exec.c:5958
>#10 0x000055b20ca2788b in doshfunc (shfunc=0x55b20e8b7bf0,
> doshargs=0x7f124bbb6ba8, noreturnval=0) at exec.c:5824
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
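The failure and fix discussed in this thread, as an added C illustration (not zsh source and not code from either poster): a joiner that returns shared read-only storage for an empty array, next to the variant that returns a private copy, and an in-place decoder that stores through its argument even for an empty string. `join_lines`, `decode_inplace`, `EMPTY` and `META` are hypothetical names, and `calloc` stands in for the heap duplicate suggested in the reply.

```c
#include <stdlib.h>
#include <string.h>

#define META ((char)0x83) /* escape byte; the byte after it is stored XOR 32 */

static const char EMPTY[] = ""; /* constructed stand-in for a string literal */

/* In-place decoder (hypothetical, modelled on the unmetafy frame): it stores
 * through s even for "", because the terminator is copied onto itself. */
static char *decode_inplace(char *s, int *len)
{
    char *p = s, *t;
    while (*p && *p != META)
        p++;
    for (t = p; (*t = *p++);)
        if (*t++ == META && *p)
            t[-1] = *p++ ^ 32;
    if (len)
        *len = (int)(t - s);
    return s;
}

/* Hypothetical joiner. fixed=0 returns the shared constant for an empty
 * array (writing to it faults); fixed=1 always returns a writable copy. */
static char *join_lines(char **s, const char *sep, int fixed)
{
    size_t n = 1;
    if (!*s)
        return fixed ? calloc(1, 1) : (char *)EMPTY;
    for (char **t = s; *t; t++)
        n += strlen(*t) + strlen(sep);
    char *r = calloc(n, 1);
    for (char **t = s; r && *t; t++) {
        strcat(r, *t);
        if (t[1])
            strcat(r, sep);
    }
    return r;
}

int main(void)
{
    char *none[] = { NULL };
    int len = -1;
    char *r = join_lines(none, "\n", 1); /* fixed path: safe to decode */
    if (r)
        decode_inplace(r, &len);
    free(r);
    return len == 0 ? 0 : 1;
}
```

Passing the `fixed=0` result for an empty array to `decode_inplace` is the case the backtrace shows: the store of the terminator lands in read-only memory.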