Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh 5.0.5-dev-2



On Sun, Aug 17, 2014 at 11:36:19PM -0700, Bart Schaefer wrote:
> On Aug 18, 10:56am, Han Pingtian wrote:
> } Subject: Re: zsh 5.0.5-dev-2
> }
> } On Sun, Aug 17, 2014 at 10:30:30AM -0700, Bart Schaefer wrote:
> } > 
> } > I suspect Fortify is reporting a potential error rather than a real
> } > one, because we'd presumably have seen other problems before this if
> } > "cd .." actually caused an 8kb buffer on the stack to overflow.
> } 
> } I have tried to print the length of xbuf and *pp before the sprintf().
> } It looks like when the overflow is triggered, the length of xbuf is 8188,
> } and the length of *pp is 10.
> 
> I now suspect you've deliberately constructed and (with chaselinks not
> set?) cd'd one level down at a time into a path that's at least 8188
> characters long, and then setopt chaselinks and done "cd .." from the
> bottom directory in that path.  Is that correct?
> 
Sorry for the confusion. I found this problem with this command, which
comes from 32274:

    % for i in `seq 1000`; do mkdir 0123456789; cd 0123456789; done; cd ..

And the filesystem is tmpfs. I don't set chaselinks, but it looks like it
will be set within cd_try_chdir():

    if (!chasinglinks)
        dochaselinks = fixdir(buf);
    ... ...
    if (dochaselinks)
        chasinglinks = 1;

then xsymlink() will be called.
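
The lengths reported in this thread (xbuf at 8188 characters, *pp at 10, an 8kb buffer) can be checked against a bounded join. This is an added example, not part of the original message and not zsh's code; it assumes the sprintf() joins the two strings with a '/', and `path_append` and `XBUF_SIZE` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define XBUF_SIZE 8192 /* assumption: the "8kb buffer" mentioned in the thread */

/*
 * Append "/comp" to the NUL-terminated path in buf (capacity bufsize).
 * Returns 0 on success. Returns -1 and leaves buf unchanged when buf is
 * not terminated (EINVAL) or the result plus its NUL would not fit
 * (ENAMETOOLONG).
 */
int path_append(char *buf, size_t bufsize, const char *comp)
{
    const char *end = memchr(buf, '\0', bufsize);
    size_t used, need;
    int n;

    if (end == NULL) {              /* no terminator inside the buffer */
        errno = EINVAL;
        return -1;
    }
    used = (size_t)(end - buf);
    need = strlen(comp) + 1;        /* '/' plus the component */
    if (need >= bufsize - used) {   /* need + NUL must fit in what is left */
        errno = ENAMETOOLONG;
        return -1;
    }
    n = snprintf(buf + used, bufsize - used, "/%s", comp);
    return (n < 0 || (size_t)n != need) ? -1 : 0;
}

int main(void)
{
    char xbuf[XBUF_SIZE];

    /* Constructed input matching the thread: 8188 bytes used, 10 to add. */
    memset(xbuf, 'a', 8188);
    xbuf[8188] = '\0';
    if (path_append(xbuf, sizeof xbuf, "0123456789") != 0)
        perror("path_append");      /* 8188 + 1 + 10 + 1 = 8200 > 8192 */
    return 0;
}
```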


