Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATCH 1/5: Fix reading outside string in termquery.c

X-seq: zsh-workers 54478
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: PATCH 1/5: Fix reading outside string in termquery.c
Date: Wed, 6 May 2026 11:23:30 +0200
Archived-at: <https://zsh.org/workers/54478>
List-id: <zsh-workers.zsh.org>

Valgrind complained:
==14618== Invalid read of size 1
==14618==    at 0x4CD2B00: __strcmp_sse2_unaligned (in /lib64/libc-2.32.so)
==14618==    by 0x60E19A4: collate_seq (termquery.c:713)
==14618==    by 0x60E1B5F: start_edit (termquery.c:736)
==14618==    by 0x60B9DF1: zleread (zle_main.c:1363)
==14618==    by 0x60BD05A: zle_main_entry (zle_main.c:2148)
==14618==    by 0x45CD6B: zleentry (init.c:1779)
==14618==    by 0x45E0B0: inputline (input.c:421)
==14618==    by 0x45DEFE: ingetc (input.c:354)
==14618==    by 0x44FD6C: ihgetc (hist.c:420)
==14618==    by 0x46889F: gettok (lex.c:622)
==14618==    by 0x467F2E: zshlex (lex.c:275)
==14618==    by 0x48F341: parse_event (parse.c:619)
==14618==  Address 0x4e7354c is 5 bytes after a block of size 7 alloc'd
==14618==    at 0x48397B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==14618==    by 0x474907: zalloc (mem.c:966)
==14618==    by 0x4AB335: ztrdup (string.c:68)
==14618==    by 0x4365EB: addvars (exec.c:2619)
==14618==    by 0x438711: execcmd_exec (exec.c:3389)
==14618==    by 0x434ADC: execpline2 (exec.c:2014)
==14618==    by 0x43371F: execpline (exec.c:1739)
==14618==    by 0x43299A: execlist (exec.c:1492)
==14618==    by 0x432000: execode (exec.c:1273)
==14618==    by 0x45BF77: source (init.c:1623)
==14618==    by 0x45C45D: sourcehome (init.c:1699)
==14618==    by 0x45BB46: run_init_scripts (init.c:1507)
---
 Src/Zle/termquery.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Src/Zle/termquery.c b/Src/Zle/termquery.c
index bd601735fd..ce547289f5 100644
--- a/Src/Zle/termquery.c
+++ b/Src/Zle/termquery.c
@@ -710,8 +710,9 @@ collate_seq(int sindex, int dir)
 	    if ((editext[i].class &&
                 !strncmp(*e + negate, editext[i].key, editext[i].class) &&
 		!*(*e + negate + editext[i].class)) ||
-		!strcmp(*e + negate + editext[i].class,
-                    editext[i].key + editext[i].class))
+		(strlen(*e + negate) >= editext[i].class &&
+		 !strcmp(*e + negate + editext[i].class,
+                    editext[i].key + editext[i].class)))
 	    {
                 enabled = !negate;
 		break;
-- 
2.38.1

Follow-Ups:
- Re: PATCH 1/5: Fix reading outside string in termquery.c
  - From: Oliver Kiddle

Messages sorted by: Reverse Date, Date, Thread, Author