SEGV in history when searching a null list

["Rocky Bernstein" <rocky.bernstein@xxxxxxxxx>]

Found this bug when adding history to zshdb:

#!/usr/local/bin/zsh -if
history -ap ./$$
fc -l commands



Program received signal SIGSEGV, Segmentation fault.
0x08080fab in up_histent (he=0x0) at hist.c:948
948        return he->up == hist_ring? NULL : he->up;
(gdb) where
where
#0  0x08080fab in up_histent (he=0x0) at hist.c:948
#1  0x08082544 in hcomsearch (str=0xb7ccc388 "commands") at hist.c:1455
#2  0x08059927 in fcgetcomm (s=0xb7ccc388 "commands") at builtin.c:1520
#3  0x0805885e in bin_fc (nam=0xb7ccc378 "fc", argv=0xbfffc1d4,
    ops=0xbfffc258, func=16) at builtin.c:1391
#4  0x0805555c in execbuiltin (args=0xb7ccc348, bn=0x80e082c) at builtin.c:438
#5  0x0807184d in execcmd (state=0xbfffc8ec, input=0, output=0, how=18,
    last1=2) at exec.c:3061
#6  0x0806d781 in execpline2 (state=0xbfffc8ec, pcode=259, how=18, input=0,
    output=0, last1=0) at exec.c:1557
#7  0x0806cb61 in execpline (state=0xbfffc8ec, slcode=5122, how=18, last1=0)
    at exec.c:1343
#8  0x0806c3a4 in execlist (state=0xbfffc8ec, dont_change_job=0, exiting=0)
    at exec.c:1141
#9  0x0806be79 in execode (p=0xb7ccc2d0, dont_change_job=0, exiting=0)
    at exec.c:973
#10 0x08085a2f in loop (toplevel=1, justonce=0) at init.c:181
#11 0x0808855c in zsh_main (argc=4, argv=0xbfffca24) at init.c:1406
#12 0x08054a86 in main (argc=Cannot access memory at address 0x706100
) at ./main.c:93
(gdb) p he
p he
$1 = (Histent) 0x0
(gdb) quit

A possible patch should be attached.

Index: Src/hist.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/hist.c,v
retrieving revision 1.84
diff -u -r1.84 hist.c
--- Src/hist.c	18 Sep 2008 09:42:45 -0000	1.84
+++ Src/hist.c	20 Sep 2008 15:11:32 -0000
@@ -945,7 +945,7 @@
 mod_export Histent
 up_histent(Histent he)
 {
-    return he->up == hist_ring? NULL : he->up;
+    return !he || he->up == hist_ring? NULL : he->up;
 }
 
 /**/