Zsh Mailing List Archive

Re: buffer overflow detected ***: ../Src/zsh terminated



Alexey Tourbin <at@xxxxxxxxxxx> wrote:
> On Fri, Mar 30, 2007 at 06:01:45PM +0400, Alexey Tourbin wrote:
> > Here is what happens with most recent zsh snapshot.
> > 
> > ./D07multibyte.ztst: starting.
> > Testing multibyte with locale en_US.UTF-8
> > *** buffer overflow detected ***: ../Src/zsh terminated
> 
> git-bisect blames this change:
> 
> commit c28114a1fadd68432443c3a4b3822efdd11dbad2
> Author: Peter Stephenson
> Date:   Sat Feb 10 22:12:59 2007 +0000
> 
>     fix metafication of ${(#)x}

It might well be this stupidity.  I can't rely on the number of digits
in an unsigned int, hence I've added the "&", too.

Index: Src/subst.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/subst.c,v
retrieving revision 1.76
diff -u -r1.76 subst.c
--- Src/subst.c	25 Feb 2007 23:41:04 -0000	1.76
+++ Src/subst.c	2 Apr 2007 10:46:07 -0000
@@ -1199,10 +1199,11 @@
 	return NULL;
 #ifdef MULTIBYTE_SUPPORT
     if (isset(MULTIBYTE) && ires > 127) {
-	char buf[10];
+	/* '\\' + 'U' + 8 bytes of character + '\0' */
+	char buf[11];
 
 	/* inefficient: should separate out \U handling from getkeystring */
-	sprintf(buf, "\\U%.8x", (unsigned int)ires);
+	sprintf(buf, "\\U%.8x", (unsigned int)ires & 0xFFFFFFFFu);
 	ptr = getkeystring(buf, &len, GETKEYS_BINDKEY, NULL);
     }
     if (len == 0)
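
Review bot: the `sprintf` into `buf` is still unbounded, so the fix depends on the hand-counted size in the new comment staying in step with the format string. Consider `snprintf(buf, sizeof(buf), "\\U%.8x", ...)` so that a later change to the format or to the type of `ires` truncates the output instead of writing past `buf[11]`. The comment's "8 bytes of character" would also read more precisely as 8 hex digits, and writing `((unsigned int)ires) & 0xFFFFFFFFu` would make it obvious that the cast is applied before the mask.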


-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070
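
The sizing arithmetic in the patch comment and the reason for the mask can be checked with the following C sketch, an added example that is not code from zsh or from this message. `escape_size` and `format_escape` are hypothetical names, and `unsigned long long` is an assumption standing in for an integer type wider than 32 bits.

```c
#include <stdio.h>
#include <string.h>

/* Bytes needed, including the trailing NUL, to format v as "\U%.8x".
 * snprintf with a NULL buffer and size 0 writes nothing and returns the
 * length the output would have had. The ".8" precision is a minimum
 * digit count, so values above 0xFFFFFFFF produce more than 8 digits. */
static size_t escape_size(unsigned long long v)
{
    return (size_t)snprintf(NULL, 0, "\\U%.8llx", v) + 1;
}

/* Bounded formatter (hypothetical helper): masks to 32 bits as the patch
 * does, and reports failure instead of overflowing when buf is too small.
 * Returns 0 on success, -1 if the escape did not fit. */
static int format_escape(char *buf, size_t buflen, unsigned long long v)
{
    int n = snprintf(buf, buflen, "\\U%.8llx", v & 0xFFFFFFFFull);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    char old_buf[10], new_buf[11];            /* sizes before and after the patch */
    unsigned long long wide = 0x1234567890ull; /* constructed sample value */

    printf("bytes needed for 0x80:        %zu\n", escape_size(0x80));
    printf("bytes needed for 0x%llx: %zu\n", wide, escape_size(wide));
    printf("fits in char[10]: %s\n",
           format_escape(old_buf, sizeof old_buf, 0x80) == 0 ? "yes" : "no");
    printf("fits in char[11]: %s\n",
           format_escape(new_buf, sizeof new_buf, wide) == 0 ? "yes" : "no");
    printf("masked result:    %s\n", new_buf);
    return 0;
}
```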




