Zsh Mailing List Archive

PATCH: seg fault resulting from parameter unset code



This results in a seg fault on some systems (at least Linux):

f() {
  integer i=4
  i=(3 4)
}
f

This has been around a while - 3.0.8 is affected and I wouldn't be
surprised if it is much older even than that. I'll also post a patch
(against 3.0.8) to sourceforge.

The problem is that when the integer is unset as part of the array
assignment by stdunsetfn(), the value (pm->u) is not set to the null
pointer. Later when the array is set, it attempts to free any existing
array. pm->u.arr is going to be 4 cast to a pointer and it tries to
free it. Note that if you change the 4 to 0, it most likely won't
seg fault.

Oliver

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.54
diff -u -r1.54 params.c
--- Src/params.c        2001/12/17 01:16:37     1.54
+++ Src/params.c        2001/12/17 10:39:40
@@ -2175,6 +2175,7 @@
        case PM_SCALAR: pm->sets.cfn(pm, NULL); break;
        case PM_ARRAY:  pm->sets.afn(pm, NULL); break;
         case PM_HASHED: pm->sets.hfn(pm, NULL); break;
+       default: pm->u.str = NULL; break;
     }
     pm->flags |= PM_UNSET;
 }
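Review bot: the new default: arm clears the union through pm->u.str, while the crash described above comes from the array setter reading pm->u.arr, so the fix relies on every pointer member of pm->u sharing one representation; a short comment on the default: line saying it zeroes the union for integer (non-pointer) parameters would make that intent explicit to the next reader. It is also worth confirming that the array setter reached via sets.afn treats a NULL pm->u.arr as "nothing to free", since after this change an unset integer hands it NULL rather than the stale value.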
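A cut-down model of the failure described in the message, added here as an illustration and not zsh's own code (struct param, the PM_ flags, arrsetfn, unset_stale, unset_fixed and would_free_garbage are simplified stand-ins): the integer value sits in the same union storage as the array pointer, so an unset that leaves pm->u untouched lets the array setter free the value 4 as if it were a pointer, while nulling the union on unset, as the patch's default arm does, leaves the setter nothing stale to free.

```c
#include <stdlib.h>
#include <string.h>

/* Added illustration, not zsh's own code: a cut-down Param whose union
 * shares storage between the integer value and the array pointer. */
#define PM_INTEGER 1
#define PM_ARRAY   2
#define PM_UNSET   4

struct param {
    int flags;
    union {
        char **arr;  /* PM_ARRAY: NULL-terminated string array */
        long   val;  /* PM_INTEGER: the value itself, not a pointer */
    } u;
};

static void freearray(char **a) {
    for (char **p = a; *p; p++) free(*p);
    free(a);
}

/* Array setter in the style the message describes: it frees whatever
 * pm->u.arr currently holds before storing the new array. */
static void arrsetfn(struct param *pm, char **x) {
    if (pm->u.arr) freearray(pm->u.arr);  /* trusts the union blindly */
    pm->u.arr = x;
    pm->flags = PM_ARRAY;
}

/* Unset before the patch: only an array clears pm->u, so an integer's
 * value (here 4) survives in the same bytes as pm->u.arr. */
static void unset_stale(struct param *pm) {
    if (pm->flags & PM_ARRAY) { freearray(pm->u.arr); pm->u.arr = NULL; }
    pm->flags |= PM_UNSET;
}

/* Unset with the patch's default arm: every other type nulls the union. */
static void unset_fixed(struct param *pm) {
    if (pm->flags & PM_ARRAY) freearray(pm->u.arr);
    pm->u.arr = NULL;  /* the patch's "default: pm->u.str = NULL" */
    pm->flags |= PM_UNSET;
}

/* Returns 1 when a later arrsetfn() would hand a stale value to free(). */
static int would_free_garbage(const struct param *pm) {
    return (pm->flags & PM_UNSET) && pm->u.arr != NULL;
}
```

Calling arrsetfn() on a parameter for which would_free_garbage() returns 1 is exactly the free((void *)4) the message reports; the fixed unset makes that check return 0 before the array is stored.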
