Re: Crash when capturing command output in completion

[Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>]

On Jan 15, 10:17pm, Vin Shelton wrote:
}
} echo $(installed_packages)<TAB>
} 
} results in the crash.

OK, I can pretty trivially reproduce this, but what I get is:

schaefer<501> echo $(ls)
zsh: fatal error: out of memory

742                 compisuffix = (char *) zalloc((l = parwe - we) + 1);
(gdb) p parwe
$1 = 10
(gdb) p we
$2 = 12

So this ends up calling zcalloc(-1), and kapow.

"we" becomes 12 at compcore.c line 1261 in this block:

	    /* And adjust wb, we, and offs again. */
	    offs -= b - s;
	    wb = zlemetacs - offs;
	    we = wb + e - b;
	    ispar = (br >= 2 ? 2 : 1);
	    b[we-wb] = '\0';
	    return b;

We come into that block at line 1219 like this:

(gdb) p offs
$11 = 1
(gdb) p e
$12 = 0x818263 "\211x"
(gdb) p s
$13 = 0x818260 "\205ls\211x"
(gdb) p b
$14 = 0x818261 "ls\211x"
(gdb) p s
$15 = 0x818260 "\205ls\211x"
(gdb) p zlemetacs
$16 = 10
(gdb) p wb
$17 = 9
(gdb) p we
$18 = 10
(gdb) p br
$19 = 1

Neither "test" nor "set" is true, so we enter "if (compfunc)" at line
1251 to /* Save the prefix. */  This does nothing but assign "$" to
parpre, so the initial state of all those variables is unchanged by
the time we start to "adjust" them.

I'm not sure what's supposed to happen at this point.  None of these
values seem to line up with where the "adjustments" expect them.  I
suspect we've accidentally attempted to treat "(ls)" as a parameter
name.

The only recent change in compcore.c is lexsave() -> zcontext_save();
the last thing to actually touch this function was parameter modifier
handling, which is a different [new] branch of the same if/else and
happens independent of the branch causing this error.