Re: PATCH: Re: Seg fault in matcher-list matching

["Bart Schaefer" <schaefer@xxxxxxxxxxxxxxxxxxxxxxx>]

On May 15, 11:26am, Sven Wischnowsky wrote:
} Subject: PATCH: Re: Seg fault in matcher-list matching
}
} 
} Bart Schaefer wrote:
} 
} > I did this:
} > 
} > zagzig[41] /u/s/l/z/z4/s/zsh
} >                      ^cursor over the 4, press TAB
} > 
} > The path this was intended to match was /usr/src/local/zsh/zsh-2.4/src/zsh.
} > I had first tried TAB at the end of the line and gotten a feep, in case
} > that matters.
} 
} I couldn't get it to seg-fault, but there was something broken. Matching 
} of the suffix, for example, and that both in C and shell code.

It doesn't dump for me any more, but I'm still nervous about line 1767 of
compcore.c:

#1  0x80bd798 in addmatches (dat=0xbfffa854, argv=0xbfffa8d8)
    at ../../../zsh-3.1.6/Src/Zle/compcore.c:1768
1768                if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
(gdb) l 
1763                    else
1764                        *argv = NULL;
1765                    bcp = lpl;
1766                }
1767                s = dat->psuf ? dat->psuf : "";
1768                if ((ml = match_str(lsuf, s, &bsl, 0, NULL, 1, 0, 1)) >= 0) {
1769                    if (matchsubs) {
1770                        Cline tmp = get_cline(NULL, 0, NULL, 0, NULL, 0, CLF_SUF);
1771
1772                        tmp->suffix = matchsubs;

The reported core dump was caused because match_str() wrote a '\0' byte into
the string pointed to by its second argument [`s' above, `w' in match_str()]
which is being passed as a string constant when dat->psuf == 0.  Is that a
potential bug, still?

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com