Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Fwd: Bug#924736: zsh 5.7.1 segfaults when three setopt options are in play [origin: wesley@xxxxxxxxxxxxx]

X-seq: zsh-workers 44142
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: <zsh-workers@xxxxxxx>
Subject: Re: Fwd: Bug#924736: zsh 5.7.1 segfaults when three setopt options are in play [origin: wesley@xxxxxxxxxxxxx]
Date: Mon, 18 Mar 2019 10:18:22 +0000
Cms-type: 201P
Dkim-filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20190318101825euoutp02b567883d608ac9ed07826dcd5832d008~NBjze0eod3011230112euoutp02G
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1552904305; bh=VYsX+ep2NSR/38cxQEYWs+pOFAZ59r2hraCt8JWLeD8=; h=Subject:From:To:Date:In-Reply-To:References:From; b=YqbYp0g5f5YhTKYc5uBp87GKbzWlbzJfwsPDX5cP6HzCzgMjlAdQPEzfJKQOjTq9e GuobSuuJYVOeiXPH1B/6FY99PrjdO3a4csUS5gQxTCaVlQiPXh4ASwLiKXpRJRqsQ6 k/EgFnKSpL4zp59t2hLZxZLOvxvIDJXXj/FCE7tw=
In-reply-to: <20190316214155.GH10429@sym.noone.org>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CGME20190316214308epcas4p4470c8cac303dbbcdcec8e62a593e3ceb@epcas4p4.samsung.com> <20190316214155.GH10429@sym.noone.org>

On Sat, 2019-03-16 at 22:41 +0100, Axel Beckert wrote:
> Have a zshrc with the following setopts:
> 
> setopt hist_reduce_blanks
> setopt hist_ignore_space
> setopt interactivecomments
> 
> * Run zsh -f
> * Now enter `     #`
> * You get a command not found error
> * Now source your zshrc
> * Again entery `     #`
> * Segfault

Yes, that's completely reproducible.

I think it's the logic within histreduceblanks() that's flaky in this
case, where there's a comment at the end of a line with no commands and
hence no words.  The final comment is a special case because the
positions of words aren't marked.  It can't possibly be correct to do
that copy at the end if the destination pointer is after the source
pointer, can it?  So I think the following ought to be safe.

If anyone else thinks the code here is trying to do something cleverer that this
may stop --- your guess is as good as mine at this point --- let me know
(but I think that's a much lesser problem).

pws

diff --git a/Src/hist.c b/Src/hist.c
index f7e53de..901cd3b 100644
--- a/Src/hist.c
+++ b/Src/hist.c
@@ -1198,8 +1198,9 @@ histreduceblanks(void)
 	chline[pos] = '\0';
     } else {
 	ptr = chline + pos;
-	while ((*ptr++ = *lastptr++))
-	    ;
+	if (ptr < lastptr)
+	    while ((*ptr++ = *lastptr++))
+		;
     }
 }

References:
- Fwd: Bug#924736: zsh 5.7.1 segfaults when three setopt options are in play [origin: wesley@xxxxxxxxxxxxx]
  - From: Axel Beckert

Messages sorted by: Reverse Date, Date, Thread, Author