From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-users-return-17387-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 29902 invoked by alias); 10 Nov 2012 13:29:16 -0000
Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Users List <zsh-users.zsh.org>
List-Post: <mailto:zsh-users@zsh.org>
List-Help: <mailto:zsh-users-help@zsh.org>
X-Seq: 17387
Received: (qmail 1016 invoked from network); 10 Nov 2012 13:29:03 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.2
Received-SPF: none (ns1.primenet.com.au: domain at linux.vnet.ibm.com does not designate permitted sender hosts)
Date: Sat, 10 Nov 2012 18:58:11 +0800
From: Han Pingtian <hanpt@linux.vnet.ibm.com>
To: zsh-users@zsh.org
Subject: Re: argv subscript range uses too many memory
Message-ID: <20121110105811.GA7136@localhost.localdomain>
References: <20121108084001.GA7594@localhost.localdomain>
 <20121108100226.575b0788@pwslap01u.europe.root.pri>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20121108100226.575b0788@pwslap01u.europe.root.pri>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 12111010-3534-0000-0000-00000ECEB0A5

Looks like when running with 'print -- "$argv[1,3]", the call trace is
something like this:

(gdb) bt
#0  mmap_heap_alloc (n=0x7fff0852e880) at mem.c:449
#1  0x000000000045f5f9 in zhalloc (size=1594456) at mem.c:542
#2  0x00000000004a4dfa in arrdup (s=0x313b008) at utils.c:3648
#3  0x0000000000471fa9 in getarrvalue (v=0x7fff0852ea20) at params.c:2174
#4  0x00000000004961bf in paramsubst (l=0x7f51d6dd0bb0, n=0x7f51d6dd0bf8, str=0x7fff0852ee38, qt=1, pf_flags=0) at subst.c:2400
#5  0x0000000000491cbd in stringsubst (list=0x7f51d6dd0bb0, node=0x7f51d6dd0bf8, pf_flags=0, asssub=1) at subst.c:236
#6  0x0000000000491089 in prefork (list=0x7f51d6dd0bb0, flags=1) at subst.c:77
#7  0x000000000042dafb in execcmd (state=0x7fff0852f760, input=0, output=0, how=18, last1=2) at exec.c:2579
#8  0x000000000042b410 in execpline2 (state=0x7fff0852f760, pcode=323, how=18, input=0, output=0, last1=0) at exec.c:1677
#9  0x000000000042a56e in execpline (state=0x7fff0852f760, slcode=5122, how=18, last1=0) at exec.c:1462
#10 0x0000000000429c2c in execlist (state=0x7fff0852f760, dont_change_job=0, exiting=0) at exec.c:1245
#11 0x000000000042968a in execode (p=0x7f51d6dd0af0, dont_change_job=0, exiting=0, context=0x4af417 "toplevel") at exec.c:1057
#12 0x0000000000447dcb in loop (toplevel=1, justonce=0) at init.c:185
#13 0x000000000044b3f4 in zsh_main (argc=1, argv=0x7fff0852f938) at init.c:1616
#14 0x000000000040e034 in main (argc=1, argv=0x7fff0852f938) at ./main.c:93
(gdb)

But if running with 'print -- "$argv[1] $argv[2] $argv[3]", the call
trace is something like this:

(gdb) bt
#0  mmap_heap_alloc (n=0x7fff0852f4a0) at mem.c:449
#1  0x000000000045f5f9 in zhalloc (size=16) at mem.c:542
#2  0x0000000000490a1d in dupstring (s=0x4baa95 "%B%S%#%s%b") at string.c:39
#3  0x0000000000488f5c in promptexpand (s=0x4baa95 "%B%S%#%s%b", ns=1, rs=0x0, Rs=0x0, txtchangep=0x0) at prompt.c:185
#4  0x000000000049f6d6 in preprompt () at utils.c:1307
#5  0x0000000000447b11 in loop (toplevel=1, justonce=0) at init.c:121
#6  0x000000000044b3f4 in zsh_main (argc=1, argv=0x7fff0852f938) at init.c:1616
#7  0x000000000040e034 in main (argc=1, argv=0x7fff0852f938) at ./main.c:93

And the outputs showed before hitting the break point mmap_heap_alloc().