Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

PATCH: seg fault resulting from parameter unset code

This results in a seg fault on some systems (at least Linux):

f() {
  integer i=4
  i=(3 4)

This has been around a while - 3.0.8 is affected and I wouldn't be
suprised if it is much older even than that. I'll also post a patch
(against 3.0.8) to sourceforge.

The problem is that when the integer is unset as part of the array
assignment by stdunsetfn(), the value (pm->u) is not set to the null
pointer. Later when the array is set, it attempts to free any existing
array. pm->u.arr is going to be 4 casted to a pointer and it tries to
free it. Note that if you change the 4 to 0, it mostly likely won't
seg fault.


Index: Src/params.c
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.54
diff -u -r1.54 params.c
--- Src/params.c        2001/12/17 01:16:37     1.54
+++ Src/params.c        2001/12/17 10:39:40
@@ -2175,6 +2175,7 @@
        case PM_SCALAR: pm->sets.cfn(pm, NULL); break;
        case PM_ARRAY:  pm->sets.afn(pm, NULL); break;
         case PM_HASHED: pm->sets.hfn(pm, NULL); break;
+       default: pm->u.str = NULL; break;
     pm->flags |= PM_UNSET;

This message has been checked for all known viruses by the 
MessageLabs Virus Scanning Service. For further information visit

Messages sorted by: Reverse Date, Date, Thread, Author