Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Possible NULL deref in cfp_matcher_range?

X-seq: zsh-workers 35695
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>
Subject: Re: Possible NULL deref in cfp_matcher_range?
Date: Sun, 5 Jul 2015 23:16:07 +0200
Cc: zsh workers <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PWZmXMa5R7qlUR38JQA2qCJUiy0Q7sXwwWXUwf3gXSY=; b=tJkBuYxerYMaqytNhIE9m90mC6AdRE3ByL2u9pWrP8oJkqd3iW3yARTNwbkXwW1FOX n+7kZyAqK/YeSC6LkZzLS0whDlxRNqSXJPI996fcwET75VAGSdfKcyT1wxhi60wTAhQz Z84Gb3ngdriJUDkozbe/8xyI+JnrdkGRqh6tpI2m0yOonajxzogeItJ96z8O4xSz4Z+u OBt2a+K7hdbl3lh0GmaW2MCazJKCbOLRGejY8wYBk2veyKeJBMeaSwZISAgK7fUxf6dB MR9xOLP9TCSuOGCPdN08pttHmXr6H9eYD9DQuvZbbed1Qs/VY0vJ/TOkd4WGqtYEqRA9 WHWg==
In-reply-to: <20150705183432.17866a54@ntlworld.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAHYJk3TCpJ9=GWttiD3QKWRuqMtKmyWyqv2gkcgsQy=NruKpHQ@mail.gmail.com> <20150705183432.17866a54@ntlworld.com>

On Sun, Jul 5, 2015 at 7:34 PM, Peter Stephenson
<p.w.stephenson@xxxxxxxxxxxx> wrote:
> On Sun, 5 Jul 2015 16:52:19 +0200
> Mikael Magnusson <mikachu@xxxxxxxxx> wrote:
>> Checking some stuff with clang, and it complained here;
>>
>>         addc = (wchar_t)(*p == Meta ? p[1] ^ 32 : *p);
>>
>> First run through this code p is NULL, and the other places all (at
>> least the ones I looked at) protect accesses to p by "if (ret)" (which
>> is set at the same time as p). Should this do that, and/or do
>> something clever with len at the same time? Is there any way to
>> actually trigger addc to be WEOF here? Presumably if it is WEOF on the
>> second run when  is set, then it was also WEOF the first time.
>
> Actually, I suspect it's supposed to do this with the input chaaracter,
> not the output...

That makes even more sense. :)

-- 
Mikael Magnusson

References:
- Possible NULL deref in cfp_matcher_range?
  - From: Mikael Magnusson
- Re: Possible NULL deref in cfp_matcher_range?
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author