Zsh Mailing List Archive
Re: Possible NULL deref in cfp_matcher_range?
- X-seq: zsh-workers 35692
- From: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>
- To: zsh workers <zsh-workers@xxxxxxx>
- Subject: Re: Possible NULL deref in cfp_matcher_range?
- Date: Sun, 5 Jul 2015 18:34:32 +0100
- In-reply-to: <CAHYJk3TCpJ9=GWttiD3QKWRuqMtKmyWyqv2gkcgsQy=NruKpHQ@mail.gmail.com>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- References: <CAHYJk3TCpJ9=GWttiD3QKWRuqMtKmyWyqv2gkcgsQy=NruKpHQ@mail.gmail.com>
On Sun, 5 Jul 2015 16:52:19 +0200
Mikael Magnusson <mikachu@xxxxxxxxx> wrote:
> Checking some stuff with clang, and it complained here;
>
> addc = (wchar_t)(*p == Meta ? p[1] ^ 32 : *p);
>
> First run through this code p is NULL, and the other places all (at
> least the ones I looked at) protect accesses to p by "if (ret)" (which
> is set at the same time as p). Should this do that, and/or do
> something clever with len at the same time? Is there any way to
> actually trigger addc to be WEOF here? Presumably if it is WEOF on the
> second run when is set, then it was also WEOF the first time.
Actually, I suspect it's supposed to do this with the input character,
not the output...
pws
diff --git a/Src/Zle/computil.c b/Src/Zle/computil.c
index 27938c1..e5db086 100644
--- a/Src/Zle/computil.c
+++ b/Src/Zle/computil.c
@@ -4196,7 +4196,7 @@ cfp_matcher_range(Cmatcher *ms, char *add)
addlen = MB_METACHARLENCONV(add, &addc);
#ifdef MULTIBYTE_SUPPORT
if (addc == WEOF)
- addc = (wchar_t)(*p == Meta ? p[1] ^ 32 : *p);
+ addc = (wchar_t)(*add == Meta ? add[1] ^ 32 : *add);
#endif
if (!(m = *mp)) {
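Review bot: On the `+` line, `add` is a `char *` (per the `cfp_matcher_range(Cmatcher *ms, char *add)` signature in the hunk header), so where `char` is signed a byte of 0x80 or above is negative before the `(wchar_t)` cast and sign-extends instead of yielding the byte value; converting through `unsigned char` first would avoid that. The `add[1]` read also assumes a byte follows `Meta`, which nothing in the visible context establishes, and it is worth confirming that `addlen` as returned by `MB_METACHARLENCONV` in the WEOF case matches the one or two bytes this fallback consumes.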