Lethal option-related bug

Lethal option-related bug

[Peter Stephenson]

I just submitted a batch job for the first time with an unpatched
3.0-pre4 and it dumped core straight away.  (I think the shell is
still yelling out `Don't release me!  Don't release me!'.)

It turns out to be easy to reproduce:

./zsh -s
zsh: 7863 segmentation fault (core dumped)  ./zsh -s

The backtrace is

#0  0x47d9b4 in inittyptab () at utils.c:2510
#1  0x47fed4 in dosetopt (optno=92, value=1, force=268534416) at utils.c:3330
#2  0x447094 in parseargs (argv=0x7fffaf48) at init.c:242
#3  0x4463f0 in main (argc=0, argv=0x7fffaf44) at init.c:60

and the problem is that ifs is null in inittyptab; possibly not too
surprising, since it gets initialised in setupvals(), which is called
a few lines after parseargs() in main().  It looks like SHINSTDIN
wants inittytab set up before the shell's set up enough for it.

I could probably hack round this, but I'm not confident of producing
the right fix, so I'll leave it.

-- 
Peter Stephenson <pws@ifh.de>       Tel: +49 33762 77366
WWW:  http://www.ifh.de/~pws/       Fax: +49 33762 77330
Deutches Electronen-Synchrotron --- Institut fuer Hochenergiephysik Zeuthen
DESY-IfH, 15735 Zeuthen, Germany.

Re: Lethal option-related bug

[Zoltan Hidvegi]

> I just submitted a batch job for the first time with an unpatched
> 3.0-pre4 and it dumped core straight away.  (I think the shell is
> still yelling out `Don't release me!  Don't release me!'.)

OK, I'll make a 3.0-pre5 and will release 3.0 later in August.

> It turns out to be easy to reproduce:
> 
> ./zsh -s
> zsh: 7863 segmentation fault (core dumped)  ./zsh -s

[...]

> and the problem is that ifs is null in inittyptab; possibly not too
> surprising, since it gets initialised in setupvals(), which is called
> a few lines after parseargs() in main().  It looks like SHINSTDIN
> wants inittytab set up before the shell's set up enough for it.
> 
> I could probably hack round this, but I'm not confident of producing
> the right fix, so I'll leave it.

OK, below is a simple and clean fix.  POSIX says that if IFS is unset it
should be treated as if it were set to space-tab-newline.  Zsh does this
but it adds an extra null here.

Zoltan


*** Src/zsh.h	1996/07/28 22:29:59	2.36
--- Src/zsh.h	1996/07/29 08:59:08
***************
*** 57,62 ****
--- 57,67 ----
  
  #define Meta		((char) 0x83)
  
+ /* Note that the fourth character in DEFAULT_IFS is Meta *
+  * followed by a space which denotes the null character. */
+ 
+ #define DEFAULT_IFS	" \t\n\203 "
+ 
  /* Character tokens */
  #define Pound		((char) 0x84)
  #define String		((char) 0x85)
*** Src/utils.c	1996/07/21 15:00:57	2.46
--- Src/utils.c	1996/07/29 17:54:59
***************
*** 2507,2513 ****
      typtab[STOUC(Meta)] |= IMETA;
      for (t0 = (int)STOUC(Pound); t0 <= (int)STOUC(Nularg); t0++)
  	typtab[t0] |= ITOK | IMETA;
!     for (s = ifs; *s; s++) {
  	if (inblank(*s))
  	    if (s[1] == *s)
  		s++;
--- 2507,2513 ----
      typtab[STOUC(Meta)] |= IMETA;
      for (t0 = (int)STOUC(Pound); t0 <= (int)STOUC(Nularg); t0++)
  	typtab[t0] |= ITOK | IMETA;
!     for (s = ifs ? ifs : DEFAULT_IFS; *s; s++) {
  	if (inblank(*s))
  	    if (s[1] == *s)
  		s++;
*** Src/params.c	1996/07/25 18:22:08	2.30
--- Src/params.c	1996/07/29 17:55:53
***************
*** 1574,1583 ****
  ifssetfn(Param pm, char *x)
  {
      zsfree(ifs);
!     if (x)
! 	ifs = x;
!     else
! 	ifs = ztrdup(" \t\n  "), ifs[3] = Meta;
      inittyptab();
  }
  
--- 1574,1580 ----
  ifssetfn(Param pm, char *x)
  {
      zsfree(ifs);
!     ifs = x;
      inittyptab();
  }
  
*** Src/init.c	1996/07/27 20:24:36	2.35
--- Src/init.c	1996/07/29 17:57:54
***************
*** 520,527 ****
  
      if (!(ttystrname = ztrdup(ttyname(SHTTY))))
  	ttystrname = ztrdup("");
!     ifs         = ztrdup(" \t\n  ");
!     ifs[3]      = Meta;
      wordchars   = ztrdup(DEFAULT_WORDCHARS);
      postedit    = ztrdup("");
      underscore  = ztrdup("");
--- 520,526 ----
  
      if (!(ttystrname = ztrdup(ttyname(SHTTY))))
  	ttystrname = ztrdup("");
!     ifs         = ztrdup(DEFAULT_IFS);
      wordchars   = ztrdup(DEFAULT_WORDCHARS);
      postedit    = ztrdup("");
      underscore  = ztrdup("");

Re: Lethal option-related bug

[Peter Stephenson]

hzoli@cs.elte.hu wrote:
> > It turns out to be easy to reproduce:
> > 
> > ./zsh -s
> > zsh: 7863 segmentation fault (core dumped)  ./zsh -s
> > the right fix, so I'll leave it.
> 
> OK, below is a simple and clean fix.  POSIX says that if IFS is unset it
> should be treated as if it were set to space-tab-newline.  Zsh does this
> but it adds an extra null here.

No, that doesn't work: you need to fix up wordchars as well which
causes the same problem.  (I didn't mention that in the original post
because I assumed whoever was making the patch would try it out and
discover this and perhaps other problems.)  The following less elegant
patch does at least fix the core dump.

*** Src/init.c.ifs	Mon Jul 29 18:01:46 1996
--- Src/init.c	Tue Jul 30 10:14:40 1996
***************
*** 59,64 ****
--- 59,67 ----
      opts[MONITOR] = 1;   /* may be unset in init_io() */
      opts[PRIVILEGED] = (getuid() != geteuid() || getgid() != getegid());
      opts[USEZLE] = 1;   /* may be unset in init_io() */
+     ifs         = ztrdup(" \t\n  ");
+     ifs[3]      = Meta;
+     wordchars   = ztrdup(DEFAULT_WORDCHARS);
      parseargs(argv);   /* sets INTERACTIVE, SHINSTDIN and SINGLECOMMAND */
  
      SHTTY = -1;
***************
*** 519,527 ****
  
      if (!(ttystrname = ztrdup(ttyname(SHTTY))))
  	ttystrname = ztrdup("");
-     ifs         = ztrdup(" \t\n  ");
-     ifs[3]      = Meta;
-     wordchars   = ztrdup(DEFAULT_WORDCHARS);
      postedit    = ztrdup("");
      underscore  = ztrdup("");
  
--- 522,527 ----

-- 
Peter Stephenson <pws@ifh.de>       Tel: +49 33762 77366
WWW:  http://www.ifh.de/~pws/       Fax: +49 33762 77330
Deutches Electronen-Synchrotron --- Institut fuer Hochenergiephysik Zeuthen
DESY-IfH, 15735 Zeuthen, Germany.