Zsh Mailing List Archive

Re: Zsh parser segmentation fault in strcatsub



On May 15,  8:36pm, Eduardo Bustamante wrote:
}
} dualbus@debian:~/src/zsh/zsh$ ./Src/zsh -nf strcatsub
} =================================================================
} ==2860==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6290000041f8 at pc 0x56236c85fac3 bp 0x7ffe5ddad580 sp 0x7ffe5ddad578
} READ of size 1 at 0x6290000041f8 thread T0
}     #0 0x56236c85fac2 in mb_metacharlenconv /home/dualbus/src/zsh/zsh/Src/utils.c:5370
}     #1 0x56236c82ee04 in dopadding /home/dualbus/src/zsh/zsh/Src/subst.c:922

So this is
	cl = MB_METACHARLENCONV(t, &cchar);
and at least from my sources the reported error is on
	STOUC(*s)
that is, on the dereference of the pointer "t" from dopadding.

Could this be an architecture endian-ness issue while trying to interpret
bytes as belonging to a multibyte character?

Can you repeat the crash with multibyte support disabled in the compile?

I don't have clang readily available to try that compiler.


