* [Bug] ZSH segmentation fault @ 2007-06-03 10:02 ` matthieu kermagoret 2007-06-03 14:30 ` Peter Stephenson 0 siblings, 1 reply; 6+ messages in thread From: matthieu kermagoret @ 2007-06-03 10:02 UTC (permalink / raw) To: zsh-workers Hello ! I just found a bug in ZSH with double left redirection. First I generate a file like this : > echo "cat << EOF" > segfault_file > for i in `seq 10000`; do echo `printf "%010000d" 0` >> segfault_file; done Then I try to make it execute to ZSH like this : > zsh < segfault_file After a little while ZSH segfaults ! This was successfully reproduced over Linux and NetBSD. I hope you'll find it useful. -- Matthieu KERMAGORET matthieu.kermagoret@epitech.net ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] ZSH segmentation fault 2007-06-03 10:02 ` [Bug] ZSH segmentation fault matthieu kermagoret @ 2007-06-03 14:30 ` Peter Stephenson 2007-06-03 16:43 ` DervishD 0 siblings, 1 reply; 6+ messages in thread From: Peter Stephenson @ 2007-06-03 14:30 UTC (permalink / raw) To: zsh-workers matthieu kermagoret wrote: > Hello ! > > I just found a bug in ZSH with double left redirection. > First I generate a file like this : > > echo "cat << EOF" > segfault_file > > for i in `seq 10000`; do echo `printf "%010000d" 0` >> segfault_file; done > > Then I try to make it execute to ZSH like this : > > zsh < segfault_file > > After a little while ZSH segfaults ! Hmm... you've made the shell use massive amounts of memory and it's crashed when it didn't have enough. (On my laptop with 2 gigabytes of main memory and the same amount of swap this doesn't crash, at least with the latest version of the shell.) The problem is that the shell actually keeps the here document in memory. This seems a bit lazy because it needs to write it to a temporary file later anyway. However, there are case where this is very difficult to handle any other way. Consider a shell function: fn() { cat <<EOF ... very long text ... EOF } Obviously this has to be in the shell's memory, since that's the whole point of a shell function, so in this case the problem isn't fixable. A partial kludge for here documents in scripts or on the command line is very messy and doesn't fix the fundamental problem that you're using a syntax which potentially asks for unavailable memory. The only general fix, or at least graceful get out, for crashes like this is for every memory access in zsh to be error checked and abort if it fails. There are very, very many of these and it still doesn't help you run programmes requiring large amounts of memory. -- Peter Stephenson <p.w.stephenson@ntlworld.com> Web page now at http://homepage.ntlworld.com/p.w.stephenson/ ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] ZSH segmentation fault 2007-06-03 14:30 ` Peter Stephenson @ 2007-06-03 16:43 ` DervishD 2007-06-03 17:36 ` Peter Stephenson 0 siblings, 1 reply; 6+ messages in thread From: DervishD @ 2007-06-03 16:43 UTC (permalink / raw) To: Peter Stephenson; +Cc: zsh-workers Hi Peter :) * Peter Stephenson <p.w.stephenson@ntlworld.com> dixit: > Hmm... you've made the shell use massive amounts of memory and it's > crashed when it didn't have enough. [...] > The only general fix, or at least graceful get out, for crashes like > this is for every memory access in zsh to be error checked and abort if > it fails. There are very, very many of these and it still doesn't help > you run programmes requiring large amounts of memory. While I understand that running such scripts is very unusual, I think that just segfaulting is not a correct way of dealing with errors. For example, in my zsh 4.2.6 I get a segfault when trying to complete very long file names (I reported that, but it's just an example). If I try to run a script that eats all the memory, the shell will segfault too. In the second case I'm the culprit, because really the shell is not intended to do that job; in the first case I'm not guilty, but the shell behaved the same. Moreover, even in the first case I think that it's better to abort, that way you can try to reproduce the error in a non-login shell and get a sensible error message when the shell crashes instead of just a crash. Just my 0.02 euros, and of course I'm not critizising anything since I'm not the one who has to fix every memory allocation O:) Raúl Núñez de Arenas Coronado -- Linux Registered User 88736 | http://www.dervishd.net It's my PC and I'll cry if I want to... RAmen! ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] ZSH segmentation fault 2007-06-03 16:43 ` DervishD @ 2007-06-03 17:36 ` Peter Stephenson 2007-06-03 19:16 ` DervishD 2007-06-04 0:55 ` Bart Schaefer 0 siblings, 2 replies; 6+ messages in thread From: Peter Stephenson @ 2007-06-03 17:36 UTC (permalink / raw) To: zsh-workers DervishD wrote: > While I understand that running such scripts is very unusual, I > think that just segfaulting is not a correct way of dealing with errors. I didn't claim it was, indeed I think I implied the opposite. I can easily work around this one, though even this isn't completely trivial. Index: Src/exec.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/exec.c,v retrieving revision 1.115 diff -u -r1.115 exec.c --- Src/exec.c 29 May 2007 14:16:03 -0000 1.115 +++ Src/exec.c 3 Jun 2007 17:32:50 -0000 @@ -3111,7 +3111,13 @@ ; for (;;) { if (bptr == buf + bsiz) { - buf = realloc(buf, 2 * bsiz); + char *newbuf = realloc(buf, 2 * bsiz); + if (!newbuf) { + /* out of memory */ + zfree(buf, bsiz); + return NULL; + } + buf = newbuf; t = buf + bsiz - (bptr - t); bptr = buf + bsiz; bsiz *= 2; Index: Src/lex.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/lex.c,v retrieving revision 1.38 diff -u -r1.38 lex.c --- Src/lex.c 23 Jan 2007 16:07:47 -0000 1.38 +++ Src/lex.c 3 Jun 2007 17:32:51 -0000 @@ -356,6 +356,16 @@ ALLOWHIST cmdpop(); hwend(); + if (!name) { + zerr("here document too large"); + while (hdocs) { + next = hdocs->next; + zfree(hdocs, sizeof(struct heredocs)); + hdocs = next; + } + tok = LEXERR; + break; + } setheredoc(hdocs->pc, REDIR_HERESTR, name); zfree(hdocs, sizeof(struct heredocs)); hdocs = next; -- Peter Stephenson <p.w.stephenson@ntlworld.com> Web page now at http://homepage.ntlworld.com/p.w.stephenson/ ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] ZSH segmentation fault 2007-06-03 17:36 ` Peter Stephenson @ 2007-06-03 19:16 ` DervishD 2007-06-04 0:55 ` Bart Schaefer 1 sibling, 0 replies; 6+ messages in thread From: DervishD @ 2007-06-03 19:16 UTC (permalink / raw) To: Peter Stephenson; +Cc: zsh-workers Hi Peter :) * Peter Stephenson <p.w.stephenson@ntlworld.com> dixit: > DervishD wrote: > > While I understand that running such scripts is very unusual, I > > think that just segfaulting is not a correct way of dealing with errors. > > I didn't claim it was, indeed I think I implied the opposite. As I said, I wasn't critizising O:) and I didn't want to sound rude, but my english is a bit on the poor side ;) I understood, from your message, that you were implying that fixing that behaviour wasn't really worth the effort. Sorry for that ;) > I can easily work around this one, though even this isn't completely > trivial. I suppose. Zsh sources are not exactly easy to follow. I don't really know how can you fix the bugs SO FAST!. It's amazing. Thanks for the fix :) Raúl Núñez de Arenas Coronado -- Linux Registered User 88736 | http://www.dervishd.net It's my PC and I'll cry if I want to... RAmen! ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] ZSH segmentation fault 2007-06-03 17:36 ` Peter Stephenson 2007-06-03 19:16 ` DervishD @ 2007-06-04 0:55 ` Bart Schaefer 1 sibling, 0 replies; 6+ messages in thread From: Bart Schaefer @ 2007-06-04 0:55 UTC (permalink / raw) To: zsh-workers On Jun 3, 6:36pm, Peter Stephenson wrote: } Subject: Re: [Bug] ZSH segmentation fault } } DervishD wrote: } > While I understand that running such scripts is very unusual, I } > think that just segfaulting is not a correct way of dealing with errors. } } I didn't claim it was, indeed I think I implied the opposite. It might suffice to have a segfault handler (possibly turned off when the shell is compiled for debugging) which generically prints a message and aborts cleanly rather than producing a core dump. It's the same as far as the end result of the script is concerned, which is why we've never bothered with it so far, but it gives the appearance that the shell knows what it's doing when a less-sophisticated user accidentally induces a fault. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-06-04 0:55 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <matthieu.kermagoret@epita.fr> 2007-06-03 10:02 ` [Bug] ZSH segmentation fault matthieu kermagoret 2007-06-03 14:30 ` Peter Stephenson 2007-06-03 16:43 ` DervishD 2007-06-03 17:36 ` Peter Stephenson 2007-06-03 19:16 ` DervishD 2007-06-04 0:55 ` Bart Schaefer
Code repositories for project(s) associated with this public inbox https://git.vuxu.org/mirror/zsh/ This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).