From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-42302-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 8641 invoked by alias); 20 Jan 2018 16:16:46 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
X-Seq: 42302
Received: (qmail 13522 invoked by uid 1010); 20 Jan 2018 16:16:45 -0000
X-Qmail-Scanner-Diagnostics: from mail-wm0-f42.google.com by f.primenet.com.au (envelope-from <tamelingdaniel@gmail.com>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1.  
 Clear:RC:0(74.125.82.42):SA:0(-1.9/5.0):. 
 Processed in 1.77731 secs); 20 Jan 2018 16:16:45 -0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,
	T_DKIM_INVALID autolearn=ham autolearn_force=no version=3.4.1
X-Envelope-From: tamelingdaniel@gmail.com
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=references:user-agent:from:to:cc:subject:in-reply-to:date
         :message-id:mime-version;
        bh=ZFEXZKtjC/Y/No3yHU64LpJUF2pJ+3swKHqIKIMccCc=;
        b=JQpymuRAu+AD0Q0Ck3qN9B9sivqgtnp9VjpYs/Si4Fsk0/DfsvbD3pduUUPwGB19Tz
         he+nKqAONRING+SiyaGtDX6IhC65tx+nqhLfsgqmUiVQPy0UgR33+eco5NNlr0XebZns
         zSnHh/yGgJj6ChxA6i8c0k7sBDzs7EyzlqTIK5tsjr79CGWbqbIbxBtVD54oaBOS2ZvI
         RStB0ndOCjmhjThtvVGnn7v9ZTvNWx9ojSVCgx2FrriB4nDEpmounhH/j/Lxbsy+uoTa
         nVX2GkA8anMpTJg9l72brP4lQQUieXNaQMAySIX18nFeV5LOUebyi84/5qQxEWbB7WVL
         UuAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:references:user-agent:from:to:cc:subject
         :in-reply-to:date:message-id:mime-version;
        bh=ZFEXZKtjC/Y/No3yHU64LpJUF2pJ+3swKHqIKIMccCc=;
        b=esVOcF3qDshbhruEoEFQmmPBY0tUPByP2tYFAAWFhQ4UnBfCNJb2lE5OfnvObuhPpf
         DZWDd77QnCyqdfsgPlhijEETtxbNHnmFva8GpDzt0y+Q2kohNJcV3n5EQFx9mJVYzZL5
         2FgStLiV5TjYw27emA20fRwPfVDASKYJnXTqsefX9GQPxZUtduTydtTQ2lyO65jvQZLx
         v/N43bql1E2mW2HNEeCQ27L1Wqn/+FxqDrY5IYWxICOXfy3VvwvumZYpQwQBLgliZ1eR
         N7SiKaxi4m3e3BrOe5loSwjuSMTQWJUBDEzF5DELl3zd0ilw8iH7wTJFbCPOyC5ORNcF
         ZG6Q==
X-Gm-Message-State: AKwxytfwXKltvb+ZySrTMyqaCSnOmZK0/dsAX0eq1+3kSDuI++f+WNa/
	vBpsVXhEtsdKFAQKmL+opS2mKg==
X-Google-Smtp-Source: AH8x2258VosD2hFTfu1AgYZHHLJif0FZ/W2tW8xVAKEO62c9GcpN8WQbyQvEfcPGmCQ8feY9t154MQ==
X-Received: by 10.80.169.161 with SMTP id n30mr4503509edc.40.1516464999433;
        Sat, 20 Jan 2018 08:16:39 -0800 (PST)
References: <20180114060557.hmrvpg6t4rdebgv6@gmail.com> <CAH+w=7bMF_Kzvme+5EVazsa2KKEHO2uh2-u_T0MSAx2H=zcXQg@mail.gmail.com>
User-agent: mu4e 0.9.18; emacs 25.3.1
From: Daniel Tameling <tamelingdaniel@gmail.com>
To: "zsh-workers\@zsh.org" <zsh-workers@zsh.org>
Cc: 
Subject: Re: [PATCH] jp: fix segfaults during parameter expansion
In-reply-to: <CAH+w=7bMF_Kzvme+5EVazsa2KKEHO2uh2-u_T0MSAx2H=zcXQg@mail.gmail.com>
Date: Sat, 20 Jan 2018 17:16:37 +0100
Message-ID: <m2fu705wuy.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

while working through my email backlog, I noticed that my zsh didn't
segfault. I used git bisect, and it looks like commit
4b8db48c6bd3c0230a5d81f49e478857adf9cda8 introduced it. Maybe this helps
someone that understands the code base better than me to figure out
what's wrong.

Kind regards
Daniel

Bart Schaefer <schaefer@brasslantern.com> writes:

> On Sat, Jan 13, 2018 at 10:05 PM, Joey Pabalinas
> <joeypabalinas@gmail.com> wrote:
>> Running `zsh -fc ': ${${(PAA)p[foo]}::=x}'` in current zsh versions causes:
>>
>>> "segmentation fault (core dumped) zsh -fc '(: ${${(PAA)p[foo]}::=x})'
>>
>> Add checks to catch NULL dereferences.
>
> Thanks for tracking this down.  Defensive programming is always good,
> but I think this is indicative of a problem further upstream.
>
> What's the expected output of that substitution?
>
> The following prevents the segfault for me, instead giving the error
> "zsh: not an identifier: " (i.e., empty string is not a valid
> parameter name).  But perhaps there's a different error that should
> occur here if val is NULL?
>
> diff --git a/Src/subst.c b/Src/subst.c
> index d027e3d..73491c2 100644
> --- a/Src/subst.c
> +++ b/Src/subst.c
> @@ -2430,7 +2430,10 @@ paramsubst(LinkList l, LinkNode n, char **str,
> int qt, int pf_flags,
>                 val = aval[0];
>                 isarr = 0;
>             }
> -           s = dyncat(val, s);
> +           if (val)
> +               s = dyncat(val, s);
> +           else
> +               s = dupstring(s);
>             /* Now behave po-faced as if it was always like that... */
>             subexp = 0;
>             /*


-- 
Daniel