Zsh Mailing List Archive

Re: Zsh parser segmentation fault on taddstr



On Sun, 7 May 2017 11:45:57 -0500
Eduardo Bustamante <dualbus@xxxxxxxxx> wrote:
> Hi all, the following file crashes Zsh when run with noexec:
> 
> dualbus@mksh-parser-4pxg:~$ cat -A cmin-zsh-crashes/output_16_crashes_id:000392,sig:11,src:016511+011323,op:splice,rep:2
> if (a)M-^?^@^@<<^EM-^?^I^F|&^D\
> 
> dualbus@mksh-parser-4pxg:~$ xxd cmin-zsh-crashes/output_16_crashes_id:000392,sig:11,src:016511+011323,op:splice,rep:2
> 00000000: 6966 2028 6129 ff00 003c 3c05 ff09 067c  if (a)...<<....|
> 00000010: 2604 5c                                  &.\

I haven't got an actual crash, but I am getting some undefined behaviour
which could do anything so is probably down to the same cause.  I can
get the same behaviour here:


% fn() { cat <<y |& cat
FOO
y
}
% which fn
 text.c:995: unknown word code in gettext2()
fn () {
	time <<y | cat
}


The message is only present with debug enabled.

That's a completely valid function --- I'm guessing it's to do with some
interaction between the here-document and the |&, since | works OK, but
that's as far as I've got.

pws


