From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+ml==a==inbox.vuxu.org==zsh-workers@zsh.org>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no
	version=3.4.4
Received: from zero.zsh.org (zero.zsh.org [IPv6:2a02:898:31:0:48:4558:7a:7368])
	by inbox.vuxu.org (Postfix) with ESMTP id 404FC25F50
	for <ml@inbox.vuxu.org>; Fri, 28 Jun 2024 12:20:01 +0200 (CEST)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1719570001;
	 b=qltfDOHza/dEr4MLSD+Pgov1h0pleU8tcTVqYv+pAd0DkmnXgJv+CgJDVsk6Au/H4e0pdnrCqg
	  sqMB3ppPdR8sIv7mkcdK5x7Cqbz4A0/nIZLKPwnxb4e/VPfOsQUKwMKhom4TVGWLMSVTyIqQvM
	  RHfseWhSQj4Pp/6gGlsEaL+zAf3ACPen06DGU2IhpvM5b2Z1lCw8pKjYUsgd+4yZzEoqFB31zT
	  brdqfUIfuaCpKNpgy+TLCktD/MD3Jf+mkbw0hLtWn8n5mg5yyor4wJIE/q/DhFuSbeq84sOdx5
	  y7BbmJbWPUiqskIypO86YrYmn0CHCEnFc/0gD8bK6NB38A==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (mta-snd-w06.biglobe.ne.jp) smtp.remote-ip=27.86.113.22;
	dkim=pass header.d=kba.biglobe.ne.jp header.s=default-1th84yt82rvi header.a=rsa-sha256;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1719570001;
	bh=+MJ1+cvvJ4HE1UEQ51eCAPImRrAbjcyNJ9xYstcxnFY=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:DKIM-Signature:To:Date:Message-ID:Subject:MIME-Version:
	  Content-Transfer-Encoding:Content-Type:From:DKIM-Signature;
	b=cxiaxtTNRO6LKVG3Nvck3uy7lKjadZ76euJz3rhdpL4lsDMvI4m09DdFhcc7yECCjBqDeyskLp
	  tJ8AAvMn4Atd/POQvq1DKfRUvL5ZRj5z05isMNkCLi8hzXp+Un4tLX3eYL7mB/Wh2gzMcQyD6r
	  6KQ817nKwZT21yMGXmQe02lTWI7ciXkJKxFoQVF5WdvUAIcXYDMQlpNGJxzSZ+phhFS1gim39+
	  ++wj/6mxVovmHqzF8ilvjqunosPwCThyjIIw3aHAb40He+URhj03M59G2clI792fQ7KRy05JfF
	  OzK7DQZ2oamXplQfbb0Z3nOVbXYCOUto1ShpAnyuV9jxcw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:To:Date:Message-Id:Subject:
	Mime-Version:Content-Transfer-Encoding:Content-Type:From:Reply-To:Cc:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References;
	bh=rhsH9u2c2oiBRbgJhtiqQ8SwezffqEFaAFyP4frjQtw=; b=NQV+pKvuukYy3OPacsI4GE3Pvk
	ruFN/M38C6jrjtzfKGYGQxbKd4NgtouH2z+WqdXxWqgETyXDYyX+txfmCz3DUs81A9xJgGsDELVb3
	k+kNWMIZBfjPxcYOKvzOn3vaVHfyVsbWQARdC0nyVsRNtAHrRQe7bwQKgH2gp5YSLew/i0/Oty5Pc
	cT5uMWvkprHW6cCAIwnY9FdLs8oAi6jBOuSCiHq+CgkEgggkkX6cfGEw5sny8/IaIFwNVQAvy3Pmv
	z5mLDtAVobqBbQDpm0wd4O3X+0aYLmQhf13vRklvduMzqlcNHsdCSbZk6CXrRkKA853ufbaNtblk/
	ZI9zdchg==;
Received: by zero.zsh.org with local
	id 1sN8i1-000Lyw-Ke;
	Fri, 28 Jun 2024 10:20:01 +0000
Authentication-Results: zsh.org;
	iprev=pass (mta-snd-w06.biglobe.ne.jp) smtp.remote-ip=27.86.113.22;
	dkim=pass header.d=kba.biglobe.ne.jp header.s=default-1th84yt82rvi header.a=rsa-sha256;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
Received: from mta-snd-w06.biglobe.ne.jp ([27.86.113.22]:29344)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256)
	id 1sN8ho-000LeX-29;
	Fri, 28 Jun 2024 10:19:48 +0000
Received: from mail.biglobe.ne.jp by mta-snd-w06.biglobe.ne.jp with ESMTP
          id <20240628101945278.INKF.102657.mail.biglobe.ne.jp@biglobe.ne.jp>
          for <zsh-workers@zsh.org>; Fri, 28 Jun 2024 19:19:45 +0900
From: Jun T <takimoto-j@kba.biglobe.ne.jp>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Subject: memory leak (2): named reference
Message-Id: <0D741AF4-0E8C-4FAA-B45A-E787958FCC41@kba.biglobe.ne.jp>
Date: Fri, 28 Jun 2024 19:19:34 +0900
To: zsh-workers@zsh.org
X-Mailer: Apple Mail (2.3731.700.6)
X-Biglobe-Sender: takimoto-j@kba.biglobe.ne.jp
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kba.biglobe.ne.jp; s=default-1th84yt82rvi; t=1719569985;
 bh=rhsH9u2c2oiBRbgJhtiqQ8SwezffqEFaAFyP4frjQtw=;
 h=From:Subject:Date:To;
 b=Qh8/Z8KFN98NSztFjHZJG3IbD7ySy9shZkiEGmAeqw/vuad/OEYKylAGBw0o+q64MDQpWY4n
 qZgMifwS0nWdFkIrivf4/M+r+IyfSn7A1Vs/MRul+dyuF5E+BQZtLzMfkE7IhGjfia4Bg95RGK
 GLVnpWnk+2D7EUP2I686DhPAZiCOfV8eI9YhGwRxu+vtmw1KMzGuF0qPUY7QFcO6ymS1dt75qc
 Koutfcfyqt+uCeZdlvGQTVEWpFD3eNbtmwVzTuwT1BJdkSkJAxiLW8COnvvrpngyfrykycAa2E
 x4Gamym6cJqnF6/b2BJyc+vvnZLlXGQjtG7bb2yJ8ib7Y7Eg==
X-Seq: 52981
Archived-At: <https://zsh.org/workers/52981>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <http://www.zsh.org/sympa/help>, <mailto:sympa@zsh.org?subject=HELP>
List-Subscribe: <http://www.zsh.org/sympa/subscribe/zsh-workers>, <mailto:sympa@zsh.org?subject=SUB%20zsh-workers>
List-Unsubscribe: <http://www.zsh.org/sympa/signoff/zsh-workers>, <mailto:sympa@zsh.org?subject=SIG%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>

This is the second problem (related with the named reference).
In the following all the tests are run as

% valgrind --leak-check=full zsh -f test_n

% cat test1
typeset -n ptr
ptr=ptr

Invalid read of size 8
  at 0x1A498C: assignstrvalue (params.c:2814)

Address 0x4bd6120 is 48 bytes inside a block of size 80 free'd
  by 0x193DB1: zfree (mem.c:1871)
  by 0x1AE241: freeparamnode (params.c:5913)
  by 0x1AA4A1: unsetparam_pm (params.c:3871)
  by 0x1AF873: setscope (params.c:6374)
  by 0x1A4983: assignstrvalue (params.c:2813)

assignstrvalue() calls setscope(pm), and when it finds the self reference
(params.c:6374) it calls (indirectly) zfree(pm). But just after returning
from setscope() (params.c:2814) the freed pm is used.


% cat test2
typeset -n ptr
for ptr in foo
do; done

4 bytes in 1 blocks are definitely lost in loss record 20 of 384
   by 0x1935B9: zalloc (mem.c:966)
   by 0x1CEB5E: ztrdup (string.c:83)
   by 0x188FBE: execfor (loop.c:168)

This is simple. In execfor()
loop.c:168	setloopvar(name, ztrdup(str))
but in setloopvar(name, value)
params.c:6329	SETREFNAME(pm, ztrdup(value))
I think we don't need two ztrdup()'s here, and the problem can be fixed
by removing the second ztrdup().


% cat test3
typeset -n ref
for ref in one ref
do; done

Invalid read of size 4
  at 0x1AF3D9: setloopvar (params.c:6333)

Address 0x4bd5af0 is 16 bytes inside a block of size 80 free'd
  by 0x193DB1: zfree (mem.c:1871)
  by 0x1AE241: freeparamnode (params.c:5913)
  by 0x1AA4A1: unsetparam_pm (params.c:3871)
  by 0x1AFB27: setscope (params.c:6409)
  by 0x1AF3D4: setloopvar (params.c:6332)

This similar to test1. setscope(pm) (params.c:6332) calls zfree(pm),
but the pm used just after it.

test3 also causes two memory leaks.
One is the same as test2; 7 bytes ("aa" and "ref", allocated by
ztrdup() at loop.c:168) are lost.
In the other, 4 bytes ("ref", allocated by ztrdup() at params.c:6329)
are lost. This is caused by aborting the loop by the self reference
and can't be fixed by removing the ztrdup() from params.c:6329.