PATCH 4/5: Make sure zleline is null-terminated
- X-seq: zsh-workers 54483
- From: Mikael Magnusson <mikachu@xxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: PATCH 4/5: Make sure zleline is null-terminated
- Date: Wed, 6 May 2026 11:23:33 +0200
- Archived-at: <https://zsh.org/workers/54483>
- List-id: <zsh-workers.zsh.org>
One of these, not sure which, triggered a warning from valgrind:
==31255== Conditional jump or move depends on uninitialised value(s)
==31255== at 0x617D854: doinsert (zle_misc.c:51)
==31255== by 0x617DA8D: selfinsert (zle_misc.c:124)
==31255== by 0x617A51E: execzlefunc (zle_main.c:1492)
==31255== by 0x6179357: zlecore (zle_main.c:1152)
==31255== by 0x6179DFB: zleread (zle_main.c:1367)
==31255== by 0x617D05A: zle_main_entry (zle_main.c:2148)
==31255== by 0x45CD6B: zleentry (init.c:1779)
==31255== by 0x45E0B0: inputline (input.c:421)
==31255== by 0x45DEFE: ingetc (input.c:354)
==31255== by 0x44FD6C: ihgetc (hist.c:420)
==31255== by 0x46889F: gettok (lex.c:622)
==31255== by 0x467F2E: zshlex (lex.c:275)
That code just does an innocuous zleline[zlecs] access, which many other
places also do.
---
Src/Zle/zle_hist.c | 1 +
Src/Zle/zle_misc.c | 1 +
Src/Zle/zle_params.c | 6 +++++-
Src/Zle/zle_utils.c | 1 +
Src/Zle/zle_vi.c | 1 +
5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Src/Zle/zle_hist.c b/Src/Zle/zle_hist.c
index 53c7226214..af450fb438 100644
--- a/Src/Zle/zle_hist.c
+++ b/Src/Zle/zle_hist.c
@@ -867,6 +867,7 @@ pushlineoredit(char **args)
ZS_memcpy(zleline, zhline, ics);
zlell += ics;
zlecs += ics;
+ zleline[zlell] = ZWC('\0');
free(zhline);
}
ret = pushline(args);
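Review bot: The added `zleline[zlell] = ZWC('\0');` stores one element past the `zlell` characters just copied, and nothing in this hunk shows that the buffer was sized for that extra slot. The same holds for the quoteline hunk, where the visible request is `sizeline(len)` and the store lands at index `len`, for set_rbuffer (`sizeline(zlell = zlecs + len)`), and for the set_lbuffer and getvirange hunks. If sizeline() always reserves a spare element for the terminator this is safe, but that contract is not visible in the patch. A comment at one of these sites, such as `/* sizeline() keeps one spare slot for the terminator */`, or a debug assertion on the capacity, would keep a later change from turning this into a heap write past the end. pushlineoredit starts above the hunk, so the sizing call for this site is not shown.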
diff --git a/Src/Zle/zle_misc.c b/Src/Zle/zle_misc.c
index 3e50d5d4b3..98a7fb0931 100644
--- a/Src/Zle/zle_misc.c
+++ b/Src/Zle/zle_misc.c
@@ -1193,6 +1193,7 @@ quoteline(UNUSED(char **args))
sizeline(len);
ZS_memcpy(zleline, str, len);
zlecs = zlell = len;
+ zleline[zlell] = ZWC('\0');
return 0;
}
diff --git a/Src/Zle/zle_params.c b/Src/Zle/zle_params.c
index 54019bf3b0..31ba3bd561 100644
--- a/Src/Zle/zle_params.c
+++ b/Src/Zle/zle_params.c
@@ -247,8 +247,10 @@ set_buffer(UNUSED(Param pm), char *x)
if(x) {
setline(x, 0);
zsfree(x);
- } else
+ } else {
viinsbegin = zlecs = zlell = 0;
+ zleline[zlell] = ZWC('\0');
+ }
fixsuffix();
menucmp = 0;
}
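Review bot: The new else branch in set_buffer dereferences `zleline`, where the old code only reset three integers. If this setter can run with `x == NULL` while the line buffer is unallocated (which cannot be determined from the hunk), the store is a NULL write; `if (zleline) zleline[0] = ZWC('\0');` would keep the old behaviour in that case. Since `zlell` was just set to 0, writing index `0` directly also reads more plainly.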
@@ -342,6 +344,7 @@ set_lbuffer(UNUSED(Param pm), char *x)
ZS_memmove(zleline + len, zleline + zlecs, zlell - zlecs);
ZS_memcpy(zleline, y, len);
zlell = zlell - zlecs + len;
+ zleline[zlell] = ZWC('\0');
zlecs = len;
zsfree(x);
if (len)
@@ -371,6 +374,7 @@ set_rbuffer(UNUSED(Param pm), char *x)
else
y = ZWS(""), len = 0;
sizeline(zlell = zlecs + len);
+ zleline[zlell] = ZWC('\0');
ZS_memcpy(zleline + zlecs, y, len);
zsfree(x);
if (len)
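Review bot: In set_rbuffer the terminator is stored before `ZS_memcpy(zleline + zlecs, y, len)`, whereas the other sites in this patch copy first and terminate afterwards. The result is the same because the copy ends at index `zlell`, but moving `zleline[zlell] = ZWC('\0');` below the copy would make the sites uniform and easier to audit. The function continues past the end of the hunk.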
diff --git a/Src/Zle/zle_utils.c b/Src/Zle/zle_utils.c
index 6e2456b1f2..3d682ef2ff 100644
--- a/Src/Zle/zle_utils.c
+++ b/Src/Zle/zle_utils.c
@@ -511,6 +511,7 @@ stringaszleline(char *instr, int incs, int *outll, int *outsz, int *outcs)
if (outcs && inptr <= instr + incs)
*outcs = outptr - outstr;
*outll = outptr - outstr;
+ outstr[*outll] = ZWC('\0');
} else {
*outstr = ZWC('\0');
*outll = 0;
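Review bot: `outstr[*outll] = ZWC('\0');` stores at the position `outptr` already points to, so `*outptr = ZWC('\0');` says the same thing without re-deriving the index. The allocation of `outstr` is outside the hunk, and the store is only in bounds if that buffer has room for one element beyond the converted characters. That is worth confirming, or stating in a comment next to the allocation. The else branch continues past the hunk's last line.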
diff --git a/Src/Zle/zle_vi.c b/Src/Zle/zle_vi.c
index 86543e172a..58115beb97 100644
--- a/Src/Zle/zle_vi.c
+++ b/Src/Zle/zle_vi.c
@@ -236,6 +236,7 @@ getvirange(int wf)
if (histline != hist1 || zlell != lastll || ZS_memcmp(zleline, lastline, zlell)) {
histline = hist1;
ZS_memcpy(zleline, lastline, zlell = lastll);
+ zleline[zlell] = ZWC('\0');
zlecs = pos;
mark = mpos;
virangeflag = 0;
--
2.38.1