
PATCH 2/5: Fix use-after-free when handling TRAPEXIT



Valgrind complained:
==23555==    by 0x4AB280: dupstring (string.c:39)
==23555==    by 0x44E3FE: getshfuncfile (hashtable.c:1064)
==23555==    by 0x43FC97: doshfunc (exec.c:6023)
==23555==    by 0x43EC26: execshfunc (exec.c:5584)
==23555==    by 0x43ADE8: execcmd_exec (exec.c:4108)
==23555==    by 0x434ADC: execpline2 (exec.c:2014)
==23555==    by 0x43371F: execpline (exec.c:1739)
==23555==    by 0x43299A: execlist (exec.c:1492)
==23555==    by 0x432000: execode (exec.c:1273)
==23555==    by 0x428D08: eval (builtin.c:6221)
==23555==    by 0x429452: bin_eval (builtin.c:6407)
==23555==  Address 0x7aade80 is 0 bytes inside a block of size 11 free'd
==23555==    at 0x483C17B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==23555==    by 0x474E5C: zsfree (mem.c:1878)
==23555==    by 0x44F0FC: dircache_set (hashtable.c:1545)
==23555==    by 0x44DDAE: freeshfuncnode (hashtable.c:897)
==23555==    by 0x4A8DA4: unsettrap (signals.c:766)
==23555==    by 0x4A94B6: starttrapscope (signals.c:868)
==23555==    by 0x43F75F: doshfunc (exec.c:5902)
==23555==    by 0x43EC26: execshfunc (exec.c:5584)
==23555==    by 0x43ADE8: execcmd_exec (exec.c:4108)
==23555==    by 0x434ADC: execpline2 (exec.c:2014)
==23555==    by 0x43371F: execpline (exec.c:1739)
==23555==    by 0x43299A: execlist (exec.c:1492)
==23555==  Block was alloc'd at
==23555==    at 0x48397B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==23555==    by 0x474907: zalloc (mem.c:966)
==23555==    by 0x4AB335: ztrdup (string.c:68)
==23555==    by 0x43E3A1: execfuncdef (exec.c:5387)
==23555==    by 0x432318: execsimple (exec.c:1329)
==23555==    by 0x4327D0: execlist (exec.c:1459)
==23555==    by 0x432000: execode (exec.c:1273)
==23555==    by 0x428D08: eval (builtin.c:6221)
==23555==    by 0x429452: bin_eval (builtin.c:6407)
==23555==    by 0x411C8E: execbuiltin (builtin.c:506)
==23555==    by 0x43B51C: execcmd_exec (exec.c:4237)
==23555==    by 0x434ADC: execpline2 (exec.c:2014)
---
 Src/exec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Src/exec.c b/Src/exec.c
index 47d70b5a96..170c4734c2 100644
--- a/Src/exec.c
+++ b/Src/exec.c
@@ -5891,6 +5891,7 @@ doshfunc(Shfunc shfunc, LinkList doshargs, int noreturnval)
 	    Shfunc shcopy = (Shfunc)zhalloc(sizeof(struct shfunc));
 	    memcpy(shcopy, shfunc, sizeof(struct shfunc));
 	    shcopy->node.nam = dupstring(shfunc->node.nam);
+	    shcopy->filename = dupstring(shfunc->filename);
 	    shfunc = shcopy;
 	    name = shfunc->node.nam;
 	}
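Review bot: The TRAPEXIT copy is still a shallow `memcpy` with pointer members patched one at a time, so any other pointer in `struct shfunc` that the original owns could dangle the same way `filename` did. The struct definition is not visible in this hunk, so the remaining members should be checked against what `freeshfuncnode` releases. A comment on the new line would record the reason, e.g. `/* original shfunc may be freed by starttrapscope(); duplicate every field read afterwards */`. The line also passes `shfunc->filename` to `dupstring` unconditionally, which is safe only if `dupstring` accepts NULL for functions with no recorded file; presumably it does, but that is worth confirming. The body of `doshfunc` begins and ends outside this hunk.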
-- 
2.38.1




