zsh-workers
 help / color / mirror / code / Atom feed
* [BUG] Segfault unmetafying empty string
@ 2018-12-21 16:58 dana
  2018-12-24 14:35 ` Peter Stephenson
  0 siblings, 1 reply; 2+ messages in thread
From: dana @ 2018-12-21 16:58 UTC (permalink / raw)
  To: Zsh workers

This crashes the shell for me on 5.4.2 and master:

  % compdef _foo foo
  % _foo() { local -a x; : <<< ${(F)x/y} }
  % foo <TAB>

(For some reason i can only replicate it during completion; idk why)

It seems like it's touching read-only memory trying to unmetafy an empty
string. Not sure where's best to deal with that

dana


#0  0x000055b20caa9460 in unmetafy (s=0x55b20cabddda "", len=0x7fff1e0485a0)
    at utils.c:4836
#1  0x000055b20ca23eb7 in getherestr (fn=0x7f124bbb2248) at exec.c:4514
#2  0x000055b20ca2145b in execcmd_exec (state=0x7fff1e048e30,
    eparams=0x7fff1e048a50, input=0, output=0, how=18, last1=2,
    close_if_forked=-1) at exec.c:3631
#3  0x000055b20ca1c7e6 in execpline2 (state=0x7fff1e048e30, pcode=67, how=18,
    input=0, output=0, last1=0) at exec.c:1927
#4  0x000055b20ca1b39c in execpline (state=0x7fff1e048e30, slcode=6146,
    how=18, last1=0) at exec.c:1658
#5  0x000055b20ca1a63f in execlist (state=0x7fff1e048e30, dont_change_job=1,
    exiting=0) at exec.c:1413
#6  0x000055b20ca19c7a in execode (p=0x55b20e865930, dont_change_job=1,
    exiting=0, context=0x55b20cab3042 "shfunc") at exec.c:1192
#7  0x000055b20ca282c5 in runshfunc (prog=0x55b20e865930, wrap=0x0,
    name=0x7f124bbb2168 "_foo") at exec.c:5974
#8  0x00007f124bfe4ebf in comp_wrapper (prog=0x55b20e865930, w=0x0,
    name=0x7f124bbb2168 "_foo") at complete.c:1524
#9  0x000055b20ca280a8 in runshfunc (prog=0x55b20e865930,
    wrap=0x7f124c203de0 <wrapper>, name=0x7f124bbb2168 "_foo") at exec.c:5958
#10 0x000055b20ca2788b in doshfunc (shfunc=0x55b20e8b7bf0,
    doshargs=0x7f124bbb6ba8, noreturnval=0) at exec.c:5824


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [BUG] Segfault unmetafying empty string
  2018-12-21 16:58 [BUG] Segfault unmetafying empty string dana
@ 2018-12-24 14:35 ` Peter Stephenson
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2018-12-24 14:35 UTC (permalink / raw)
  To: zsh-workers

On my mobile at the moment, but the safe fix for this is a dupstring near the top of sepjoin if *s is null and heap is true - we already use ztrdup in the other case so this looks obvious. I'll commit it in the new year if no one has.

pws


On 21 December 2018 16:58:02 GMT, dana <dana@dana.is> wrote:
>This crashes the shell for me on 5.4.2 and master:
>
>  % compdef _foo foo
>  % _foo() { local -a x; : <<< ${(F)x/y} }
>  % foo <TAB>
>
>(For some reason i can only replicate it during completion; idk why)
>
>It seems like it's touching read-only memory trying to unmetafy an
>empty
>string. Not sure where's best to deal with that
>
>dana
>
>
>#0  0x000055b20caa9460 in unmetafy (s=0x55b20cabddda "",
>len=0x7fff1e0485a0)
>    at utils.c:4836
>#1  0x000055b20ca23eb7 in getherestr (fn=0x7f124bbb2248) at exec.c:4514
>#2  0x000055b20ca2145b in execcmd_exec (state=0x7fff1e048e30,
>    eparams=0x7fff1e048a50, input=0, output=0, how=18, last1=2,
>    close_if_forked=-1) at exec.c:3631
>#3  0x000055b20ca1c7e6 in execpline2 (state=0x7fff1e048e30, pcode=67,
>how=18,
>    input=0, output=0, last1=0) at exec.c:1927
>#4  0x000055b20ca1b39c in execpline (state=0x7fff1e048e30, slcode=6146,
>    how=18, last1=0) at exec.c:1658
>#5  0x000055b20ca1a63f in execlist (state=0x7fff1e048e30,
>dont_change_job=1,
>    exiting=0) at exec.c:1413
>#6  0x000055b20ca19c7a in execode (p=0x55b20e865930, dont_change_job=1,
>    exiting=0, context=0x55b20cab3042 "shfunc") at exec.c:1192
>#7  0x000055b20ca282c5 in runshfunc (prog=0x55b20e865930, wrap=0x0,
>    name=0x7f124bbb2168 "_foo") at exec.c:5974
>#8  0x00007f124bfe4ebf in comp_wrapper (prog=0x55b20e865930, w=0x0,
>    name=0x7f124bbb2168 "_foo") at complete.c:1524
>#9  0x000055b20ca280a8 in runshfunc (prog=0x55b20e865930,
>wrap=0x7f124c203de0 <wrapper>, name=0x7f124bbb2168 "_foo") at
>exec.c:5958
>#10 0x000055b20ca2788b in doshfunc (shfunc=0x55b20e8b7bf0,
>    doshargs=0x7f124bbb6ba8, noreturnval=0) at exec.c:5824

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-12-24 14:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-21 16:58 [BUG] Segfault unmetafying empty string dana
2018-12-24 14:35 ` Peter Stephenson

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).