Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Bug: Null byte in shell history causes segfault during $historywords reverse subscripting

X-seq: zsh-workers 51798
From: Eric Freese <ericdfreese@xxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Bug: Null byte in shell history causes segfault during $historywords reverse subscripting
Date: Fri, 26 May 2023 13:37:18 -0600
Archived-at: <https://zsh.org/workers/51798>
List-id: <zsh-workers.zsh.org>

Hi,

I've come across a segfault when shell history has been loaded from a
file and contains a command where a null byte was entered into the
line editor via ^V^@ (opposed to typing as $'\0'). Reverse
subscripting $historywords on a pattern that does not match triggers
the error.

I've reproduced the segfault on my local 5.9 installation as well as
in the zsh-users/zsh-docker images [1] for master, 5.4, and 4.3.11.

Here is my output. Note that I typed the ^@ by pressing ctrl+v
followed by ctrl+space.

```
% docker run --rm -it zshusers/zsh:master
06e7a43e26d3# HISTFILE=$(mktemp)
06e7a43e26d3# SAVEHIST=30
06e7a43e26d3# : ^@
06e7a43e26d3# fc -W
06e7a43e26d3# fc -R
06e7a43e26d3# echo $historywords[(r)nomatch*]
zsh: segmentation fault (core dumped)  zsh -df
```

[1]: https://github.com/zsh-users/zsh-docker

Cheers,
Eric

Follow-Ups:
- Re: Bug: Null byte in shell history causes segfault during $historywords reverse subscripting
  - From: Jun T
- Re: Bug: Null byte in shell history causes segfault during $historywords reverse subscripting
  - From: Bart Schaefer

Messages sorted by: Reverse Date, Date, Thread, Author