Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Bug#459896: Segfaults in "apt-c(" completion



On Wed, 9 Jan 2008 15:57:32 -0500
Clint Adams <clint@xxxxxxx> wrote:
> On Wed, Jan 09, 2008 at 05:35:30PM +0000, Peter Stephenson wrote:
> > Doesn't happen here, but in any case I suspect this is some quite basic
> > problem since the "(" forces the shell to complete all possible commands
> > after it.  So it's simply searching the entire set of tables for things
> > that can occur in command position.  It's probably some memory
> > allocation thing.
> 
> More info from valgrind:
> 
> ==7792== Invalid read of size 4
> ==7792==    at 0x80A1D23: pattryrefs (pattern.c:1873)

That means the pattern prog passed down is invalid.  The previous stack
trace suggests it's come from scanning a hash.  It looks to me like there's
a pointer to a pattern prog being left flailing in some circumstances...
I don't see how this can be the root cause since scanprog isn't tested
to see if it's NULL, it's just used based on the SCANPM flags.  So they may
be set or used wrongly.

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.140
diff -u -r1.140 params.c
--- Src/params.c	27 Dec 2007 16:00:55 -0000	1.140
+++ Src/params.c	10 Jan 2008 10:05:59 -0000
@@ -1308,8 +1308,10 @@
 					  SCANPM_KEYMATCH))))) {
 		    *inv = (v->flags & VALFLAG_INV) ? 1 : 0;
 		    *w = v->end;
+		    scanprog = NULL;
 		    return 1;
 		}
+		scanprog = NULL;
 	    } else
 		ta = getarrvalue(v);
 	    if (!ta || !*ta)
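
Review bot: the two added `scanprog = NULL;` lines (one before `return 1;`, one after the closing brace of that block) carry no comment saying why the pointer is cleared, and the reset is repeated on each exit path, so an exit added to this block later could miss it. Consider clearing it once, immediately after the scan that consumes it, with a comment that the pattern prog must not remain reachable after this point. The message itself notes that scanprog is used on the strength of the SCANPM flags without a NULL test, so if the flags are still set or read wrongly this reset turns a stale read into a NULL dereference rather than preventing the bad access. A NULL check at the point of use, or resetting the flags together with the pointer, would close that gap.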

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070


