Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Buffer overflow with long fd numbers in redirects



Hi,

On Mon, Oct 06, 2014 at 04:00:44PM +0200, Mikael Magnusson wrote:
> Someone reported this on IRC the other day,
> % >&333333333333333333333
> zsh: number truncated after 20 digits: 333333333333333333333
> *** buffer overflow detected ***: zsh terminated
> 
> At least one place where this is mishandled is in exec.c around line 3215,

I can reproduce this in 5.0.6.

But I can't reproduce this in 4.3.17 as in Debian Wheezy. There it
looks exactly like this:

> Output with the patch,
> % >&333333333333333333333
> zsh: number truncated after 20 digits: 333333333333333333333
> zsh: 553997653: bad file descriptor

!518 Z7 ?0 L2 abe@snidget:~ (pts/40 zsh 4.3.17 wheezy) 16:22:44 
~ → echo $ZSH_VERSION
4.3.17
!518 Z7 ?0 L2 abe@snidget:~ (pts/40 zsh 4.3.17 wheezy) 16:22:44 
~ → >&333333333333333333333
zsh: number truncated after 20 digits: 333333333333333333333
zsh: 553997653: bad file descriptor
!519 Z8 ?1 L2 abe@snidget:~ (pts/40 zsh 4.3.17 wheezy) 16:22:50 
~ → 

So this issue probably crept in somewhen between 4.3.17 and 5.0.6.

		Kind regards, Axel
-- 
/~\  Plain Text Ribbon Campaign                   | Axel Beckert
\ /  Say No to HTML in E-Mail and News            | abe@xxxxxxxxxxxxxxx  (Mail)
 X   See http://www.nonhtmlmail.org/campaign.html | abe@xxxxxxxxx (Mail+Jabber)
/ \  I love long mails: http://email.is-not-s.ms/ | http://noone.org/abe/ (Web)



Messages sorted by: Reverse Date, Date, Thread, Author