zsh-workers
* zsh-mem & prompt
@ 1996-08-02 14:58 Louis Granboulan
  1996-08-02 18:26 ` Zoltan Hidvegi
  0 siblings, 1 reply; 3+ messages in thread
From: Louis Granboulan @ 1996-08-02 14:58 UTC
  To: zsh-workers

This is zsh-3.0-pre5 on a SPARCstation-5 with SunOS 4.1.4.
When it is configured with --enable-zsh-mem, I have the following
message: attempt to free more than allocated
The problem is that the prompt buffer `lpptbuf' does not terminate with '\0'.

Here is a patch that solves this:
*** zle_misc.c.orig     Wed Jul 31 17:43:13 1996
--- zle_misc.c  Fri Aug  2 16:55:55 1996
***************
*** 1279,1280 ****
--- 1279,1285 ----
      }
+     /* Terminate the string */
+     if (! *fm) {
+       addbufspc(1);
+       pputc(*fm);
+     }
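Review bot: `pputc(*fm)` only writes a terminator because the guard just above it has established that `*fm` is zero; `pputc('\0')` would state the intent directly. The `if (! *fm)` guard also means that if this point is reached with `*fm` non-zero the buffer is still left unterminated, so either drop the guard or add a comment saying why that case cannot occur. The hunk does not show whether the extra byte is counted in the length reported to callers; that should be checked.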



* Re: zsh-mem & prompt
  1996-08-02 14:58 zsh-mem & prompt Louis Granboulan
@ 1996-08-02 18:26 ` Zoltan Hidvegi
  1996-08-02 18:51   ` Bill Pemberton
  0 siblings, 1 reply; 3+ messages in thread
From: Zoltan Hidvegi @ 1996-08-02 18:26 UTC
  To: Louis Granboulan; +Cc: zsh-workers, wfp5p

> This is zsh-3.0-pre5 on a SPARCstation-5 with SunOS 4.1.4.
> When it is configured with --enable-zsh-mem, I have the following
> message: attempt to free more than allocated
> The problem is that the prompt buffer `lpptbuf' does not terminate with '\0'.

That's not really a problem.  The problem is that zsfree is used.  The patch
below fixes that.  It also changes mem.c to fill the freed memory with
0xff instead of zero.  Dereferencing ~0 should also cause SEGV and after
this patch newly allocated string buffers will not be automatically null
terminated so it may bring up some bugs (of course only if zsh is
configured using ./configure --enable-zsh-{mem,{mem-,}debug,secure-free}).
I did not see this prompt bug exactly because of this automatic zero-fill.

Btw. it may fix those mysterious core dumps reported by Bill.  Bill, would
you try it?

Zoltan


*** Src/zle_refresh.c	1996/07/31 15:45:25	2.11
--- Src/zle_refresh.c	1996/08/02 15:47:04
***************
*** 996,1003 ****
  void
  genprompts(void)
  {
!     zsfree(lpptbuf);
!     zsfree(rpptbuf);
      lpptbuf = putprompt(lpmpt, &lpptlen, &pptw, 1);
      pmpt_attr = txtchange;
      rpptbuf = putprompt(rpmpt, &rpptlen, &rpw, 1);
--- 996,1003 ----
  void
  genprompts(void)
  {
!     zfree(lpptbuf, lpptlen);
!     zfree(rpptbuf, rpptlen);
      lpptbuf = putprompt(lpmpt, &lpptlen, &pptw, 1);
      pmpt_attr = txtchange;
      rpptbuf = putprompt(rpmpt, &rpptlen, &rpw, 1);
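Review bot: `zfree(lpptbuf, lpptlen)` and `zfree(rpptbuf, rpptlen)` are only correct if the length `putprompt()` stores through its second argument equals the size of the buffer it returns. If putprompt allocates spare room or a terminator byte, the size passed here undercounts, and the `m->len < osz` check in mem.c will not flag it. A comment at these two calls stating that invariant would help. The hunk also does not show what the first call passes before any prompt has been generated; confirm zfree accepts that pointer and length.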
*** Src/mem.c	1996/07/29 23:44:19	2.8
--- Src/mem.c	1996/08/02 15:40:37
***************
*** 831,837 ****
  
  #ifdef ZSH_MEM_DEBUG
  		m_f[M_BSLEN(mt->len) / M_ISIZE]++;
! 		memset(sh, 0, M_BSLEN(mt->len));
  #endif
  
  		/* put the block onto the free list */
--- 831,837 ----
  
  #ifdef ZSH_MEM_DEBUG
  		m_f[M_BSLEN(mt->len) / M_ISIZE]++;
! 		memset(sh, 0xff, M_BSLEN(mt->len));
  #endif
  
  		/* put the block onto the free list */
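Review bot: the fill byte in `memset(sh, 0xff, M_BSLEN(mt->len))` is a magic number that this patch repeats in the second mem.c hunk. Define one named constant for the free-fill pattern, with a comment explaining why it is non-zero, so the two sites cannot drift apart.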
***************
*** 904,910 ****
      }
      DPUTS(m->len < osz, "attempt to free more than allocated.");
  #ifdef ZSH_MEM_DEBUG
!     memset(p, 0, m->len);
  #endif
      if (mt && ((char *)mt) == (((char *)m) + M_ISIZE + m->len)) {
  	/* the block after the one we are freeing is free, we put them
--- 904,910 ----
      }
      DPUTS(m->len < osz, "attempt to free more than allocated.");
  #ifdef ZSH_MEM_DEBUG
!     memset(p, 0xff, m->len);
  #endif
      if (mt && ((char *)mt) == (((char *)m) + M_ISIZE + m->len)) {
  	/* the block after the one we are freeing is free, we put them
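Review bot: `memset(p, 0xff, m->len)` sits right after `DPUTS(m->len < osz, ...)`, which only reports a caller that claims too much; a caller passing a smaller size than was allocated stays silent. If block sizes are rounded an exact match cannot be enforced, but a comment here saying what `osz` is expected to be relative to `m->len` would document the contract that the zle_refresh.c change now relies on.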


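The effect described in the reply above, as an added example that is not part of the thread or of the zsh sources: a toy sized-free allocator shows how zero-filling freed memory hides a missing terminator from a strlen-derived free size, while a 0xff fill exposes it and a caller-tracked size avoids the issue. The names `toy_alloc`, `toy_free`, `bounded_strlen` and `free_unterminated_prompt`, the single-block arena and the 8-byte rounding are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA 32                /* toy arena: one block, reused by every alloc */
#define ROUND 8                 /* assumed allocation granularity */
static unsigned char arena[ARENA];
static size_t cur_len;          /* rounded size recorded for the live block */

static char *toy_alloc(size_t n)
{
    cur_len = (n + ROUND - 1) / ROUND * ROUND;
    return (char *)arena;
}

/* Sized free in the style of zfree(p, size): returns 1 when the caller claims
 * more than was allocated, then fills the whole arena with `fill`. */
static int toy_free(char *p, size_t osz, int fill)
{
    int over = cur_len < osz;
    memset(p, fill, ARENA);
    return over;
}

/* strlen() confined to the arena so the demo never reads out of bounds. */
static size_t bounded_strlen(const char *p)
{
    const char *nul = memchr(p, '\0', ARENA);
    return nul ? (size_t)(nul - p) : ARENA;
}

/* Store a 4-byte prompt with no '\0' in a recycled block, then free it.
 * by_strlen != 0: size derived from the contents (zsfree style).
 * by_strlen == 0: size tracked by the caller (zfree(buf, len) style). */
static int free_unterminated_prompt(int fill, int by_strlen)
{
    char *p = toy_alloc(ARENA);
    toy_free(p, ARENA, fill);   /* previous owner's free leaves `fill` behind */
    p = toy_alloc(4);
    memcpy(p, "zsh%", 4);       /* terminator deliberately omitted */
    return toy_free(p, by_strlen ? bounded_strlen(p) + 1 : 4, fill);
}

int main(void)
{
    printf("zero fill, strlen size:  %d\n", free_unterminated_prompt(0x00, 1));
    printf("0xff fill, strlen size:  %d\n", free_unterminated_prompt(0xff, 1));
    printf("0xff fill, tracked size: %d\n", free_unterminated_prompt(0xff, 0));
    return 0;
}
```

A result of 1 corresponds to the "attempt to free more than allocated" condition; with zero fill the stale zero bytes act as an accidental terminator and the over-claim never appears.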

* Re: zsh-mem & prompt
  1996-08-02 18:26 ` Zoltan Hidvegi
@ 1996-08-02 18:51   ` Bill Pemberton
  0 siblings, 0 replies; 3+ messages in thread
From: Bill Pemberton @ 1996-08-02 18:51 UTC
  To: Zoltan Hidvegi; +Cc: zsh-workers

Zoltan Hidvegi writes:
> 
> Btw. it may fix those mysterious core dumps reported by Bill.  Bill, would
> you try it?
> 

That's better, but doesn't stop the crashes.

It now takes a little work (feeding it a couple of command lines) before it
crashes; it now crashes at line 593 of mem.c:

m->free = sh->next;


-- 
Bill Pemberton                           wfp5p@virginia.edu
ITC/Unix Systems                         flash@virginia.edu
University of Virginia                   uunet!virginia!wfp5p


