From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-32285-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 1240 invoked by alias); 19 Jan 2014 04:59:28 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 32285
Received: (qmail 1659 invoked from network); 19 Jan 2014 04:59:22 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE
	autolearn=ham version=3.3.2
From: Bart Schaefer <schaefer@brasslantern.com>
Message-id: <140118205928.ZM11152@torch.brasslantern.com>
Date: Sat, 18 Jan 2014 20:59:28 -0800
In-reply-to: <140118133407.ZM10286@torch.brasslantern.com>
Comments: In reply to Bart Schaefer <schaefer@brasslantern.com>
 "Re: Bug with long multiline strings?" (Jan 18,  1:34pm)
References: <87vcdzq4ke.fsf@ft.bewatermyfriend.org>
	<20121024171023.313995d7@pwslap01u.europe.root.pri>
	<20121025095936.621c7717@pws-pc.ntlworld.com>
	<87bofqq54z.fsf@ft.bewatermyfriend.org>
	<87sism8ie6.fsf@ft.bewatermyfriend.org>
	<140118133407.ZM10286@torch.brasslantern.com>
X-Mailer: OpenZMail Classic (0.9.2 24April2005)
To: zsh-workers@zsh.org
Subject: Re: Bug with long multiline strings?
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii

On Jan 18,  1:34pm, Bart Schaefer wrote:
}
} Took me a few passes, but I traced the bug to this:
} 
} #0  freeheap () at ../../zsh-5.0/Src/mem.c:382
} #1  0x0808bd23 in execfor (state=0xbfeb4a20, do_exec=0)
}     at ../../zsh-5.0/Src/loop.c:188
} 
} That freeheap() is discarding a heap that is still in use.

Patch below seems to do the trick.  The bug is a consequence of my change
in workers/29175, and it's only tickled if heap memory is allocated and
re-allocated in chunks of a certain size (because if I repeat Frank's
steps using longer lines at each PS2 prompt, it doesn't happen).

I imagine Peter is getting rather tired of crash bugs getting found and
fixed only days after he does a release.

diff --git a/Src/mem.c b/Src/mem.c
index 5275c6c..d15721c 100644
--- a/Src/mem.c
+++ b/Src/mem.c
@@ -367,6 +367,15 @@ freeheap(void)
 	    }
 #endif
 	} else {
+	    if (h == fheap && h != heaps) {
+		/*
+		 * When deallocating the last arena with free space,
+		 * loop back through the list to find another one.
+		 */
+		fheap = NULL;
+		hn = heaps;
+		continue;
+	    }
 #ifdef USE_MMAP
 	    munmap((void *) h, h->size);
 #else