Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: An amusing way to crash zsh

X-seq: zsh-workers 30993
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: An amusing way to crash zsh
Date: Tue, 22 Jan 2013 16:23:00 +0000
In-reply-to: <87a9s2cj5r.fsf@gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Organization: Samsung Cambridge Solution Centre
References: <87a9s2cj5r.fsf@gmail.com>

On Mon, 21 Jan 2013 22:37:04 +0100
Christian Neukirchen <chneukirchen@xxxxxxxxx> wrote:
> toying around on #zsh derf0 and I found the following commands which
> crash zsh:
> 
> juno% ${:wq}

It looks like the culprit is modify(), which is passing back a NULL
pointer --- in parameter handling we should always turn this into an
empty string instead.

This should make other such cases less horrific but print an error in
debug mode to trap the problem.

> juno% setopt histsubstpattern; echo ${:wF:3:s/%/foo}

I think that's fixed in the same way:  at least it doesn't crash any
more, whatever the hell it does.

Index: Src/subst.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/subst.c,v
retrieving revision 1.139
diff -p -u -r1.139 subst.c
--- Src/subst.c	5 Oct 2012 21:35:06 -0000	1.139
+++ Src/subst.c	22 Jan 2013 16:19:41 -0000
@@ -3707,6 +3707,11 @@ paramsubst(LinkList l, LinkNode n, char 
 	char *y;
 
 	x = val;
+	if (!x) {
+	    /* Shouldn't have got here with a NULL string. */
+	    DPUTS(1, "value is NULL in paramsubst");
+	    return NULL;
+	}
 	if (prenum || postnum)
 	    x = dopadding(x, prenum, postnum, preone, postone,
 			  premul, postmul
@@ -4021,7 +4026,10 @@ modify(char **str, char **ptr)
 		    all = tmp;
 		    t = e;
 		}
-		*str = all;
+		if (!all)
+		    *str = dupstring("");
+		else
+		    *str = all;
 
 	    } else {
 		switch (c) {
Index: Test/D04parameter.ztst
===================================================================
RCS file: /cvsroot/zsh/zsh/Test/D04parameter.ztst,v
retrieving revision 1.68
diff -p -u -r1.68 D04parameter.ztst
--- Test/D04parameter.ztst	1 May 2012 19:43:44 -0000	1.68
+++ Test/D04parameter.ztst	22 Jan 2013 16:19:41 -0000
@@ -1544,3 +1544,10 @@
 0:Regression test for shwordsplit with null or unset IFS and quoted array
 >abc
 >a b c
+
+   foo=
+   print ${foo:wq}
+   print ${:wq}
+0:Empty parameter shouldn't cause modifiers to crash the shell
+>
+>


pws

References:
- An amusing way to crash zsh
  - From: Christian Neukirchen

Messages sorted by: Reverse Date, Date, Thread, Author