On Sat, 20 May 2006, Matthias Kilian wrote:
> On Sat, May 20, 2006 at 08:38:38PM +0200, Otto Moerbeek wrote:
> [typeset -i F and ${F[*]} weirdness]
> > this looks like a bug,
>
> It's caused by the fact that for integers str_val() returns the
> address of a static buffer and that the loop over the array elements
> in varsub() just copies the pointer returned by str_val() into a
> pointer vector (eval.c, line 793).
>
> Would strdup()ing and later free()ing all the strings be an option?
> Or do you consider that overkill?
Indeed, the static buffer is the problem. A dynamically alloc'ed
string could work, but the problem would be where/when to free it.
In the case of formatstr an allocated string is returned, so we have
already a mem leak here, it seems.
I remember seeing a NetBSD commit related t0 formatstr handling:
http://cvsweb.netbsd.org/bsdweb.cgi/src/bin/ksh/var.c.diff?r1=1.12&r2=1.13
But I must sleep now...
-Otto
