From: Bart Schaefer <schaefer@brasslantern.com>
To: zsh workers <zsh-workers@zsh.org>
Subject: Re: completion crash
Date: Wed, 30 Mar 2011 09:57:23 -0700
Message-ID: <110330095723.ZM746@torch.brasslantern.com>
In-Reply-To: <AANLkTi=V6W57TUFppL9OjBGh3Zm75=tMBiwUm7bZFDbm@mail.gmail.com>

On Mar 30, 6:26pm, Mikael Magnusson wrote:
} Subject: Re: completion crash
}
} I've tracked this down to something calling popheap() when it
} shouldn't, because putting "return;" at the top of popheap() makes the
} crash go away, also, at one point during all this, in
} parse.c:ecgetstr(), char *r gets a string assigned to it that has the
} same address as amatches->matches, which is subsequently overwritten
} by an strcpy. I'm not exactly sure if it's this corruption that causes
} the crash, what eventually crashes is an access to
} amatches->matches->prpre which is broken.
} (gdb) print amatches->matches
} $5 = (Cmatch *) 0x7ffff7fe3fa0
} #1 0x000000000048008c in dupstring (s=0x6bd8fc "-s") at string.c:40
} 40 strcpy(t, s);
} (gdb) print t
} $7 = 0x7ffff7fe3fa0 "-"
}
} This is presumably not good. Any ideas?

If you're in dupstring() when that strcpy() happens, then I strongly
suspect that what's happening is that amatches->matches points to
freed memory which is being re-allocated in dupstring().

This could be because popheap() is being called improperly, or it may
instead be that amatches or amatches->matches is not being reset to
zero at some point where the memory it points to is correctly freed.
I believe we've had that latter come up before.

Or it could be amatches should never point into heap memory and there
is a dupstring() or zhalloc() in a spot that should be a ztrdup() or
zalloc() instead. Most likely you're going to need to find the place
where amatches->matches is being set, rather than the spot where it is
already pointing at garbage.
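
Added example, not part of the original message and not zsh source: a toy mark/release arena showing how a long-lived pointer left aimed at popped heap memory ends up sharing an address with the next dupstring() result, as in the gdb output quoted above, and how a permanent allocation avoids it. The `toy_*` functions and `struct toy_matches` are hypothetical stand-ins for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy mark/release arena. The toy_* names echo zsh's pushheap()/popheap()/
 * dupstring()/ztrdup() but are hypothetical stand-ins, not zsh's code. */
static char arena[256];
static size_t top, marks[8];
static int nmarks;

static void toy_pushheap(void) { marks[nmarks++] = top; }
static void toy_popheap(void)  { top = marks[--nmarks]; } /* releases all since mark */

/* Arena-backed copy: valid only until the enclosing toy_popheap(). */
static char *toy_dupstring(const char *s) {
    size_t n = strlen(s) + 1;
    if (top + n > sizeof arena) return NULL;
    char *t = arena + top;
    top += n;
    strcpy(t, s);
    return t;
}

/* Permanent copy: survives toy_popheap(); the caller must free() it. */
static char *toy_ztrdup(const char *s) {
    char *t = malloc(strlen(s) + 1);
    if (t) strcpy(t, s);
    return t;
}
struct toy_matches { char *prpre; };   /* long-lived, like the match list */

/* Returns 1 if the long-lived pointer was clobbered by a later allocation. */
static int clobbered_after_pop(int permanent) {
    struct toy_matches m;
    top = 0; nmarks = 0;
    toy_pushheap();
    m.prpre = permanent ? toy_ztrdup("prefix") : toy_dupstring("prefix");
    if (!m.prpre) return -1;
    toy_popheap();                       /* m.prpre is not reset here */
    char *t = toy_dupstring("-s");       /* unrelated later allocation */
    int bad = (t == m.prpre) || strcmp(m.prpre, "prefix") != 0;
    if (permanent) free(m.prpre);
    return bad;
}

int main(void) {
    printf("arena copy clobbered:     %d\n", clobbered_after_pop(0));
    printf("permanent copy clobbered: %d\n", clobbered_after_pop(1));
    return 0;
}
```

Because the toy arena is a static buffer, reading the stale pointer is well defined here, so the aliasing is deterministic rather than dependent on allocator behaviour.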