Re: segfaults in 4.0.2

[Sven Wischnowsky <wischnow@xxxxxxxxxxxxxxxxxxxxxxx>]

[Hi, I'm back.]

Bart Schaefer wrote:

> On Sep 8, 11:34am, Clint Adams wrote:
> }
> } Yes.  It doesn't happen with -f.
> } I can reproduce it this way:
> } 
> } prompt ${${(z):-adam1 adam2 bigfade clint elite2}[RANDOM%5]}
> } coproc || echo test
> 
> Hmm, the `pc' field in the wordcode state struct is messed up:
> 
> Breakpoint 1, ecgetstr (s=0xbffff6bc, dup=0, tok=0x0)
>     at ../../zsh-4.0/Src/parse.c:2102
> 2102        wordcode c = *s->pc++;
> (gdb) n
> 2105        if (c == 6 || c == 7)
> (gdb) p s->strs
> $6 = 0x4011b190 "echo"
> (gdb) p c
> $7 = 1074856044
> 
> This causes ecgetstr() to return a garbage pointer.

I couldn't make it crash, but I can see the problem: it's that empty
sublist, which the code in text.c wasn't able to handle (it made it
effectively look one code too far ahead).  The code in exec.c has an
extra test for that, so I've just (more or less) copied it from there.


Bye
  Sven

Index: Src/text.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/text.c,v
retrieving revision 1.7
diff -u -r1.7 text.c
--- Src/text.c	2001/08/16 08:48:27	1.7
+++ Src/text.c	2001/09/25 12:01:50
@@ -274,10 +274,12 @@
 	    break;
 	case WC_SUBLIST:
 	    if (!s) {
+                if (wc_code(*state->pc) != WC_PIPE)
+                    stack = 1;
 		if (WC_SUBLIST_FLAGS(code) & WC_SUBLIST_NOT)
-		    taddstr("! ");
+		    taddstr(stack ? "!" : "! ");
 		if (WC_SUBLIST_FLAGS(code) & WC_SUBLIST_COPROC)
-		    taddstr("coproc ");
+		    taddstr(stack ? "coproc" : "coproc ");
 		s = tpush(code, (WC_SUBLIST_TYPE(code) == WC_SUBLIST_END));
 	    } else {
 		if (!(stack = (WC_SUBLIST_TYPE(code) == WC_SUBLIST_END))) {

-- 
Sven Wischnowsky                    wischnow@xxxxxxxxxxxxxxxxxxxxxxx