Zsh Mailing List Archive
Multiple Null Pointer Dereference Vulnerabilities in Zsh identified by Static Analysis
- X-seq: zsh-workers 54460
- From: Pasidu Rashmitha <pasidurashmitha054@xxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Multiple Null Pointer Dereference Vulnerabilities in Zsh identified by Static Analysis
- Date: Sun, 3 May 2026 19:08:20 +0530
- Archived-at: <https://zsh.org/workers/54460>
- List-id: <zsh-workers.zsh.org>
Dear Zsh Maintainers,
Following up on my previous report, I would like to bring to your attention a significant number of Null Pointer Dereference issues discovered during my static analysis of the Zsh source code using scan-build.
Summary of Findings:
Issue Count: Approximately 51 Null Pointer Dereference instances.
Tool Used: Clang Static Analyzer.
Potential Impact: These vulnerabilities could lead to unexpected crashes (Segmentation Faults) and Denial of Service (DoS) if triggered by specific inputs or environment configurations.
Key Locations (Partial List):
Many of these issues are located in the Src/Zle/ and core shell logic, where pointers are dereferenced without prior null checks.
I have attached a summary screenshot of the analysis report showing the scale of these issues. I am ready to provide the detailed HTML reports for each specific case to assist with the patching process.
Best regards,
Pasidu (Security Researcher)
Attachment:
Screenshot_2026-05-03_19_07_01.png
Description: PNG image
Attachment:
Screenshot_2026-05-03_19_07_16.png
Description: PNG image
Attachment:
Screenshot_2026-05-03_19_07_51.png
Description: PNG image