From 9b3a2924101c4e17dbb9c0b8745dc4eb9cdca910 Mon Sep 17 00:00:00 2001
From: Jun-ichi Takimoto
Date: Mon, 19 Jul 2021 09:13:03 +0900
Subject: 49166: fix coredump in ${name:offset:length} with ill-formatted length

---
 ChangeLog | 5 +++++
 Src/subst.c | 12 +++++++-----
 Test/D04parameter.ztst | 7 +++----
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2b4d4bcc6..2c988b4c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2021-07-19 Jun-ichi Takimoto
+
+ * 49166: Src/subst.c, Test/D04parameter.ztst: fix coredump in
+ ${name:offset:length} with ill-formatted length
+
 2021-07-10 Oliver Kiddle
 
 * 49158: Completion/Debian/Command/_dscverify,
diff --git a/Src/subst.c b/Src/subst.c
index 87a56c3c6..465fe970f 100644
--- a/Src/subst.c
+++ b/Src/subst.c
@@ -3362,13 +3362,15 @@ colonsubscript:
 return NULL;
 }
 if (*check_offset2) {
+ char *nextp;
 check_offset = check_colon_subscript(check_offset2 + 1,
- &check_offset2);
- if (*check_offset2 && *check_offset2 != ':') {
- zerr("invalid length: %s", check_offset);
- return NULL;
- }
+ &nextp);
 if (check_offset) {
+ check_offset2 = nextp;
+ if (*check_offset2 && *check_offset2 != ':') {
+ zerr("invalid length: %s", check_offset);
+ return NULL;
+ }
 length = mathevali(check_offset);
 length_set = 1;
 if (errflag)
diff --git a/Test/D04parameter.ztst b/Test/D04parameter.ztst
index 05bb61bdc..b6b1f2e33 100644
--- a/Test/D04parameter.ztst
+++ b/Test/D04parameter.ztst
@@ -2664,10 +2664,9 @@ F:behavior, see http://austingroupbugs.net/view.php?id=888
 >3: pw
 >4: pw
 
- # Using a subshell because it segfaults.
- ("${: :${{{\"{{lorem ipsum dolor sit amet}}")
--f:regression test for workers/45843#1
-?(eval):1: bad substitution
+ : "${foo:0:${\"}}"
+1:broken length in ${name:offset:length} (workers/45843#1)
+?(eval):1: unrecognized modifier `$'
 
 $ZTST_testdir/../Src/zsh -fc $'$\\\n('
 1:regression test for workers/45843#2: escaped newline in command substitution start token
--
cgit 1.4.1
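Review bot: In the Src/subst.c hunk, `nextp` is declared uninitialised and is safe to read only because the dereference now sits inside `if (check_offset)`; nothing in the hunk records that `check_colon_subscript()` may leave its end pointer unusable when it returns NULL, which appears to be the cause of the crash being fixed. A comment above the call, for example `/* nextp is valid only when check_colon_subscript() returns non-NULL; check_offset2 is left untouched on failure */`, would keep a later cleanup from hoisting the `*check_offset2` test back out of the guard. The path taken when `check_offset` is NULL lies outside the hunk, so confirm that it still reports an error for the malformed length rather than silently ignoring it (the updated test expects `unrecognized modifier`). The enclosing block starts before and ends after the visible lines.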
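Review bot: In the Test/D04parameter.ztst hunk, the new case evaluates the malformed expansion directly instead of in a subshell, so if this crash ever regresses it would presumably abort the test script rather than fail a single test. Wrapping it, `(: "${foo:0:${\"}}")`, should keep the expected status and stderr while containing a crash; that is an assumption to verify against the harness. The removed reproducer from workers/45843#1 exercised a different input, and keeping it as a second case would retain coverage of the string that was originally reported.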