Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATCH: fix crash involving backslash quoting in set_comp_sep()

X-seq: zsh-workers 54641
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: zsh-workers@xxxxxxx
Cc: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>, Petr Šťastný <petr@xxxxxxxxxxx>
Subject: PATCH: fix crash involving backslash quoting in set_comp_sep()
Date: Sat, 30 May 2026 07:51:23 +0200
Archived-at: <https://zsh.org/workers/54641>
In-reply-to: <CAH+w=7YKTM88-BQFUMoQs_R8QNRd-YxqqVEjmhYsctN9mXeFCg@mail.gmail.com>
List-id: <zsh-workers.zsh.org>
References: <CAH+w=7YKTM88-BQFUMoQs_R8QNRd-YxqqVEjmhYsctN9mXeFCg@mail.gmail.com>

Originally reported in 46120, with minimal recipe in 46156.

The QT_BACKSLASH case just removed backslashes without tracking how many, but we
need to know that for later, so do it more like how QT_DOUBLE does it.

Without the swe += bq, alias a=\\\[<tab> becomes a=\\\[\[ which isn't
right.
---
 Src/Zle/compcore.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/Src/Zle/compcore.c b/Src/Zle/compcore.c
index d7cdd76f7e..e5a66d1164 100644
--- a/Src/Zle/compcore.c
+++ b/Src/Zle/compcore.c
@@ -1516,6 +1516,7 @@ set_comp_sep(void)
      *     are specially handled (but currently only if RCQUOTES is not
      *     set, which isn't necessarily correct if the quotes were typed by
      *     the user).
+     * bq: you may have guessed it, backslashes removed from backslash quoting
      * osq: c.f. odq, taking account of Snull's and embedded "'"'s.
      * qttype: type of quotes using standard QT_* definitions.
      * lsq: when quoting is single quotes (QT_SINGLE), counts the offset
@@ -1526,7 +1527,7 @@ set_comp_sep(void)
      *      when stripping single quotes: 1 for RCQUOTES, 3 otherwise
      *      (because we leave a "'" in the final string).
      */
-    int dq = 0, odq, sq = 0, qttype, sqq = 0, lsq = 0, qa = 0;
+    int dq = 0, odq, sq = 0, bq = 0, qttype, sqq = 0, lsq = 0, qa = 0;
     /* dolq: like sq and dq but for dollars quoting. */
     int dolq = 0;
     /* remember some global variable values (except lp is local) */
@@ -1576,7 +1577,17 @@ set_comp_sep(void)
     switch ((qttype = *compqstack)) {
     case QT_BACKSLASH:
         remq = 1;
-	tmp = rembslash(tmp);
+	for (p = tmp; *p; ) {
+	    if (*p == '\\') {
+		chuck(p);
+		bq++;
+		if (p - tmp < zlemetacs)
+		    zlemetacs--;
+		if (*p)
+		    p++;
+	    } else
+		p++;
+	}
         break;
 
     case QT_SINGLE:
@@ -1694,8 +1705,8 @@ set_comp_sep(void)
 	    DPUTS(!p, "no current word in substr");
 	    got = 1;
 	    cur = countlinknodes(foo) - 1;  /* cur is 0 offset */
-	    swb = wb - dq - sq - dolq;
-	    swe = we - dq - sq - dolq;
+	    swb = wb - dq - sq - dolq - bq;
+	    swe = we - dq - sq - dolq - bq;
             sqq = lsq;
 	    soffs = zlemetacs - swb - css;
 	    DPUTS2(p[soffs] != 'x', "expecting 'x' at offset %d of \"%s\"",
@@ -1827,13 +1838,14 @@ set_comp_sep(void)
      * double quoting but the fact it's arrived at in a rather different way
      * from sqq may indicate this is wrong.  $'...' may need something, too.
      */
-    sav = s[(i = swb - 1 - sqq + dq)];
+    sav = s[(i = swb - 1 - sqq + dq + bq)];
     s[i] = '\0';
     qp = (qttype == QT_SINGLE) ? dupstring_wlen(s, i) : rembslash(s);
     s[i] = sav;
     if (swe < swb)
 	swe = swb;
     swe--;
+    swe += bq;
     sl = strlen(s);
     if (swe > sl) {
 	swe = sl;
-- 
2.38.1

Messages sorted by: Reverse Date, Date, Thread, Author