Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Buffer overflow in "!" handling?

X-seq: zsh-workers 26604
From: Peter Stephenson <pws@xxxxxxx>
To: DragonK <dragonk@xxxxxxxxx>
Subject: Re: Buffer overflow in "!" handling?
Date: Wed, 25 Feb 2009 11:42:47 +0000
Cc: zsh-workers@xxxxxxxxxx
In-reply-to: <8fa12ca90902250339n10d7ee9qecd03b0097b3d9a5@xxxxxxxxxxxxxx>
Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
References: <8fa12ca90902250142s171605bekd87885e3dbc5c4a6@xxxxxxxxxxxxxx> <20090225102603.089bc856@news01> <8fa12ca90902250339n10d7ee9qecd03b0097b3d9a5@xxxxxxxxxxxxxx>

DragonK wrote:
> > You're right, that's nasty. See if you can get it to happen with this...
> 
> I've applied the patch and it seems to work now; as far as I
> understand from the comments in mem.c, memory allocated with zhalloc()
> doesn't need to be explicitly free()d, right?

Yes, that's correct; the heap of memory is popped in one go when we
return to the top level of processing.  The hrealloc() is a bit of a
hack... we're not really reallocating heap most of the time, we're just
allocating more somewhere else, but from the API point of view it's the
simplest thing to do in the rare cases where we really need more than
256 words.

Thanks for looking.

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070

References:
- Buffer overflow in "!" handling?
  - From: DragonK
- Re: Buffer overflow in "!" handling?
  - From: Peter Stephenson
- Re: Buffer overflow in "!" handling?
  - From: DragonK

Messages sorted by: Reverse Date, Date, Thread, Author