Re: segfault completing "foo$"

[Peter Stephenson <pws@xxxxxxx>]

On Wed, 22 Aug 2007 12:02:37 -0400
Clint Adams <clint@xxxxxxx> wrote:
> Type "foo$"<TAB><TAB><TAB> (1-3 tabs, depending on setup, I think) to
> segfault zsh.

That's never been properly handled, I don't think, but in 4.2 it didn't
cause a segfault, simply assigned a duff number in the parameter suffix
table.  The code implies that could do dire things later on, but I don't
know if it did.  Now we actually use the invalid value for creating a
prefix string to analyse, which causes the crash.  I think the immediate
fix is simply "don't do that".  I don't think parameter completion should
even be active in this case, but there's no way I'm going down that route.
This parq business is in the "not even obscure" category.

Index: Src/Zle/compresult.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Zle/compresult.c,v
retrieving revision 1.71
diff -u -r1.71 compresult.c
--- Src/Zle/compresult.c	28 May 2007 13:08:48 -0000	1.71
+++ Src/Zle/compresult.c	22 Aug 2007 16:47:57 -0000
@@ -1148,7 +1148,7 @@
 		makesuffixstr(m->remf, m->rems, 1);
 	}
     }
-    if (minfo.we && partest && isset(AUTOPARAMKEYS)) {
+    if (minfo.we && partest && isset(AUTOPARAMKEYS) && minfo.insc - parq > 0) {
 	/* the suffix code needs numbers of characters, not octets */
 	int outlen;
 	char *tmpstr = dupstrpfx(zlemetaline + parq, minfo.insc - parq);

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070


.