zsh bug

["Drew Middlesworth" <drew.middlesworth@xxxxxxxxx>]

I've been able to reproduce this bug on Ubuntu Dapper (zsh
4.2.5-23ubuntu3), Ubuntu Edgy (zsh 4.3.2-13ubuntu1), Ubuntu Gusty (zsh
4.3.4-14ubuntu2),CentOS5 (zsh-4.2.6-1) and also in the latest
development (zsh 4.3.4) on multiple operating systems. This issue
doesn't seem to exist in zsh version 4.1.1 that we also tested. The
steps to reproduce this are below.

Could you also reply CC my address too? Thanks,

Drew


Steps to reproduce (on dapper, with vi bindings):
 - enter some commands (echo foo ...)
 - hit esc to go into command mode
 - do a backward search: hit [the ?/ key] to get a '?' char indicating
  a backward search. search for something you typed a few lines
  back.
 - the search is successful, you're now a few lines back in the history
 - repeat:
  - shift-[the ?/ key] to get a '/' char indicating a forward-search
    (yes, normally you'd press [?/] without shift to get this char, but
     they invert it, since normally you want to search backwards
     through history)
  - backspace: don't search
  - scroll up or down in the history

After a few tries, pressing shift-[?/], when a '/' char should appear will
crash zsh:

Here, I searched backwards for 'echo c', then it crashed (after a few
tries) when I'd scrolled back to the 'echo a' line and tried a
forward-search:

epizzi@epizzi:~$ zsh
[epizzi:~]$ echo a
a
[epizzi:~]$ echo b
b
[epizzi:~]$ echo c
c
[epizzi:~]$ echo d
d
[epizzi:~]$ echo e
e
[epizzi:~]$ echo *** glibc detected *** double free or corruption
(fasttop): 0x080dfea8 ***
Aborted