author: Mikael Magnusson <mikachu@gmail.com> 2026-05-13 20:59:29 +0200
committer: Mikael Magnusson <mikachu@gmail.com> 2026-05-16 18:28:32 +0200
commit: 724548b4e9fa054d2fca7383cbe5627f1f65cadb
tree: 963515a874055b3cdf6c7b7b9fe2dcb5efb4f680 /Completion/Unix/Command
parent: 54568: zformat: fix some misparse and overrun issues
54569: zle: various issues

historysearchforward advanced zlecs instead of histpos (historysearchbackward already correctly uses CCRIGHTPOS(histpos))

ST is actually 0x9c per ctlseqs.txt
    ESC \    String Terminator (ST is 0x9c).

fix plenty of indexing confusion with prompt_markers(), it was never returning pre because markers did not include it. constants were compared against the wrong variable, or using the wrong hardcoded index (and those indices also changed now that pre is in markers).

in bracketedstring, the imeta(next) branch writes two bytes to pbuf, make sure they both fit.

only reallocate once in sizeline, and correct the comment for stringaszleline, though I don't think anyone will do that.

putreplaceselection used a stale buffer in the following scenario:
% blah
set region to bl with cursor on a, hit ctrl-k, then invoke put-replace-selection via alt-x or bind it in advance.
==10588== Invalid read of size 2
==10588==    by 0x6588FAA: pastebuf (zle_misc.c:597)
==10588==    by 0x65895A6: putreplaceselection (zle_misc.c:720)
==10588==  Address 0x6219550 is 0 bytes inside a block of size 16 free'd
==10588==    at 0x483C17B: free (vgpreload_memcheck-amd64-linux.so)
==10588==    by 0x65A347A: cuttext (zle_utils.c:1023)
==10588==  Block was alloc'd at
==10588==    at 0x483E82F: realloc (vgpreload_memcheck-amd64-linux.so)
==10588==    by 0x65A34E8: cuttext (zle_utils.c:1028)
also set clear so the stringaszleline allocation is freed in the same function, and fix the same leak in viputbefore and viputafter.

fix out of bounds access in vimatchbracket
==11986== Invalid read of size 4
==11986==    at 0x658D14C: vimatchbracket (zle_move.c:645)

fix out of bounds access in backwardmetafiedchar, this one won't cause a valgrind warning because the memory is owned by us.

fix two separate leaks (impressive) when assigning to $registers special zle parameter
==16615== 2,799,972 bytes in 99,999 blocks are definitely lost in loss record 631 of 631
==16615==    at 0x48397B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==16615==    by 0x473836: zalloc (mem.c:966)
==16615==    by 0x65A1EEC: stringaszleline (zle_utils.c:440)
==16615==    by 0x658EF17: set_register (zle_params.c:775)
==16615== 599,988 bytes in 99,998 blocks are definitely lost in loss record 630 of 631
==16615==    at 0x48397B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==16615==    by 0x473836: zalloc (mem.c:966)
==16615==    by 0x4AA101: ztrdup (string.c:68)
==16615==    by 0x435536: addvars (exec.c:2604)

don't crash on 'bindkey x foo; zle -l foo'
==21910== Process terminating with default action of signal 11 (SIGSEGV)
==21910==  Access not within mapped region at address 0x0
==21910==    at 0x6597303: bin_zle_list (zle_thingy.c:406)
==21910==    by 0x6597229: bin_zle (zle_thingy.c:388)

restore keymap and zmod when erroring out of bin_zle_call

inststrlen used the wrong len to advance zlecs which would cause it to advance way past the end of zleline. fortunately this function is never called with zlemetaline == NULL.

fix expand-cmd-path to not just move the cursor an arbitrary amount forward, and convert the indices from zlemetaline to zleline.

bangq in magicspace could be used after zleline was realloc()d, calculate the offset before calling selfinsert()

the memo field wasn't always freed for region highlights

vi-indent was skipping the last line for 4+ line ranges

vi-unindent buffer overrun
==3900== Conditional jump or move depends on uninitialised value(s)
==3900==    at 0x65A3CE6: findeol (zle_utils.c:1180)
==3900==    by 0x65A6E01: viunindent (zle_vi.c:880)

break the loop on eof in vi-caps-lock-panic, though we do exit anyway when the terminal closes

off by one in condition in vi-backward-word-end, this only prevented us moving to the start of the buffer if we were on the second character exactly.

seq in cursor_form() was one byte too small to fit the nul terminator:
zsh% zle_cursorform=( edit:steady,color=\#abcdef )
Breakpoint 1, cursor_form () at termquery.c:987
987         if (s - seq)
(gdb) p s - seq
$1 = 31

fix negation of h-3 in setmstatus. this was very noticeable in interactive menu selection if you typed a long string. the entire string would be replaced by three dots instead of just the start of it.

Diffstat (limited to 'Completion/Unix/Command')
0 files changed, 0 insertions, 0 deletions
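
The magicspace item in the commit message describes a pointer into the line buffer being used after the buffer was realloc()d, fixed by calculating the offset first. The following is an added C example of that pattern, not zsh code and not part of the commit: `struct line`, `line_append` and `mark_bang_then_append` are hypothetical names, and growth here always moves the storage so the hazard is deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable edit buffer, standing in for a line editor's line. */
struct line { char *buf; size_t len, cap; };

/* Append one byte. Growth always moves the storage to a fresh block, which
 * realloc() is permitted to do, so old pointers into buf become dangling. */
static int line_append(struct line *l, char c)
{
    if (l->len == l->cap) {
        size_t ncap = l->cap ? l->cap * 2 : 4;
        char *nbuf = malloc(ncap);
        if (!nbuf) return -1;
        if (l->len) memcpy(nbuf, l->buf, l->len);
        free(l->buf);
        l->buf = nbuf;
        l->cap = ncap;
    }
    l->buf[l->len++] = c;
    return 0;
}

/* Locate the first '!', append a space, then rewrite that '!' as '#'.
 * Returns the offset rewritten or -1; *moved reports a relocated buffer. */
static long mark_bang_then_append(struct line *l, int *moved)
{
    char *bang = l->len ? memchr(l->buf, '!', l->len) : NULL;
    if (!bang) return -1;
    size_t off = (size_t)(bang - l->buf);   /* an offset survives a move */
    uintptr_t before = (uintptr_t)l->buf;
    if (line_append(l, ' ') != 0) return -1; /* may invalidate `bang` */
    *moved = (uintptr_t)l->buf != before;
    /* Writing through the saved `bang` here would be a use-after-free
     * whenever *moved is set; re-derive the pointer from the offset. */
    l->buf[off] = '#';
    return (long)off;
}

int main(void)
{
    struct line l = {0};
    int moved = 0;
    for (const char *s = "a!bc"; *s; s++) line_append(&l, *s); /* constructed input */
    long off = mark_bang_then_append(&l, &moved);
    free(l.buf);
    return off == 1 && moved ? 0 : 1;
}
```

Building the unsafe variant (writing through `bang` after the append) under valgrind or AddressSanitizer reports an invalid write into a freed block, the same class of report quoted in the commit message.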