An amusing way to crash zsh

[Christian Neukirchen <chneukirchen@xxxxxxxxx>]

Hi,

toying around on #zsh derf0 and I found the following commands which
crash zsh:

zsh --version
zsh 5.0.2 (x86_64-unknown-linux-gnu)

juno% ${:wq}

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff721aaa1 in __strlen_sse2_pminub () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff721aaa1 in __strlen_sse2_pminub () from /usr/lib/libc.so.6
#1  0x000000000047ac6a in ?? ()
#2  0x000000000047ddad in prefork ()
#3  0x00000000004290e8 in ?? ()
#4  0x000000000042b866 in ?? ()
#5  0x000000000042bdaf in ?? ()
#6  0x000000000042cf5f in execlist ()
#7  0x000000000042d47d in execode ()
#8  0x000000000043d972 in loop ()
#9  0x0000000000440b1e in zsh_main ()
#10 0x00007ffff70eca15 in __libc_start_main () from /usr/lib/libc.so.6
#11 0x000000000040f3d1 in _start ()

This is the stripped down version of the next command, probably
segfaulting for the same reason:

juno% setopt histsubstpattern; echo ${:wF:3:s/%/foo}

Program received signal SIGSEGV, Segmentation fault.
0x00000000004864a0 in findword ()
(gdb) bt
#0  0x00000000004864a0 in findword ()
#1  0x000000000047841f in modify ()
#2  0x000000000047b916 in ?? ()
#3  0x000000000047ddad in prefork ()
#4  0x00000000004290e8 in ?? ()
#5  0x000000000042b866 in ?? ()
#6  0x000000000042bdaf in ?? ()
#7  0x000000000042cf5f in execlist ()
#8  0x000000000042d47d in execode ()
#9  0x000000000043d972 in loop ()
#10 0x0000000000440b1e in zsh_main ()
#11 0x00007ffff70eca15 in __libc_start_main () from /usr/lib/libc.so.6
#12 0x000000000040f3d1 in _start ()

the bug also has been reproduced with
zsh 5.0.2-dev-0 (x86_64-unknown-linux-gnu) at GIT checkout 27c5a0d77.
and zsh 4.3.10 (i686-pc-linux-gnu)

:wq,
-- 
Christian Neukirchen  <chneukirchen@xxxxxxxxx>  http://chneukirchen.org