Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Bug#283358: echo $((##)) overflows buffer



Clint Adams wrote:
> > falk@juist:~% echo $((##))
> > zsh: bad math expression: operator expected at `T\n^E ^A'

It's expecting a key string and getting just a null string.  I think
that's causing the buffer where the key should be written to be
uninitialised.  Presumably that can have direr effects when the pointer
has to be 64-bit aligned.

The following should trap the error before it gets to that stage.

% print $((##))
zsh: character missing after ##

Index: Src/math.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/math.c,v
retrieving revision 1.21
diff -u -r1.21 math.c
--- Src/math.c	16 Aug 2004 09:53:11 -0000	1.21
+++ Src/math.c	29 Nov 2004 11:54:28 -0000
@@ -451,6 +451,10 @@
 		    int v;
 
 		    ptr++;
+		    if (!*ptr) {
+			zerr("character missing after ##", NULL, 0);
+			return EOI;
+		    }
 		    ptr = getkeystring(ptr, NULL, 6, &v);
 		    yyval.u.l = v;
 		    return NUM;

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************



Messages sorted by: Reverse Date, Date, Thread, Author