Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [BUG] Zsh crashes when using autocomplete because of memory unsafety (double free)



On Fri, Jun 26, 2020 at 9:24 AM Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
wrote:

>
> tl;dr: I can reproduce two different segfaults here: one of them with
> a minimal reproduction recipe; one with my personal setup, and
> a specific setopt makes it go away.
>

Even more minimal:

% autoload compinit
% compinit -D
% setopt completeinword
% alias a='"<left><TAB>

I think it has to do with
compset -P 1 '*='
compset -q

If you look at what happens with

% alias a='<TAB>
% alias a=

Alternately,

% alias a='"<TAB>
% alias a=\"

So, what's happening is that a=' turns into a=\" and consequently increases
the offset by one, but then when completion fails (because of the
double-quote not matching anything to the right of the cursor) and the
original command line is restored, the new larger offset is applied to the
original a=' string and indexes off the left end.

Having gotten that far, though, I don't know how to fix it.

