Re: zsh dumps core on ssh <TAB><C-c><C-c><C-d>

Re: zsh dumps core on ssh <TAB><C-c><C-c><C-d>

[Sven Wischnowsky]

Tanaka Akira wrote:

> zsh dumps core as follows:
> 
> Z(2):akr@is27e1u11% Src/zsh -f
> is27e1u11% bindkey -e; fpath=($PWD/Completion/*(/)); autoload -U compinit; compinit -D; compdef _tst tst
> is27e1u11% ssh <TAB><C-c><C-c>
> is27e1u11% <C-d>
> zsh: segmentation fault (core dumped)  Src/zsh -f
> Z(2):akr@is27e1u11% gdb Src/zsh core
> ...
> #0  0x9ed24 in freearray (s=0x0) at utils.c:2192
> 2192        while (*s)

I sometimes forget that freearray() can't savely be called with a NULL 
pointer -- contrary to the other freeing functions.

This makes it saver, even adding a DPUTS() to freearray().

The interesting bit is that this was triggered by the module patch
that made the cleanup functions of all modules be called at the
end. Without that we probably wouldn't have found this bug.

Bye
 Sven

diff -u -r oldsrc/Zle/computil.c Src/Zle/computil.c
--- oldsrc/Zle/computil.c	Fri Nov 26 09:53:32 1999
+++ Src/Zle/computil.c	Mon Nov 29 10:03:05 1999
@@ -451,13 +451,15 @@
 	Caopt p, n;
 
 	zsfree(d->match);
-	freearray(d->defs);
+	if (d->defs)
+	    freearray(d->defs);
 
 	for (p = d->opts; p; p = n) {
 	    n = p->next;
 	    zsfree(p->name);
 	    zsfree(p->descr);
-	    freearray(p->xor);
+	    if (p->xor)
+		freearray(p->xor);
 	    freecaargs(p->args);
 	    zfree(p, sizeof(*p));
 	}
@@ -1592,13 +1594,15 @@
 	Cvval p, n;
 
 	zsfree(d->descr);
-	freearray(d->defs);
+	if (d->defs)
+	    freearray(d->defs);
 
 	for (p = d->vals; p; p = n) {
 	    n = p->next;
 	    zsfree(p->name);
 	    zsfree(p->descr);
-	    freearray(p->xor);
+	    if (p->xor)
+		freearray(p->xor);
 	    freecaargs(p->arg);
 	    zfree(p, sizeof(*p));
 	}
@@ -2211,7 +2215,8 @@
 	n = s->next;
 
 	zsfree(s->name);
-	freearray(s->vals);
+	if (s->vals)
+	    freearray(s->vals);
 	zfree(s, sizeof(*s));
 
 	s = n;
@@ -2274,7 +2279,8 @@
 
 	    /* Exists -> replace. */
 
-	    freearray(s->vals);
+	    if (s->vals)
+		freearray(s->vals);
 	    PERMALLOC {
 		s->vals = arrdup(vals);
 	    } LASTALLOC;
@@ -2616,7 +2622,8 @@
     while (s) {
 	n = s->next;
 
-	freearray(s->tags);
+	if (s->tags)
+	    freearray(s->tags);
 	zfree(s, sizeof(*s));
 
 	s = n;
@@ -2627,7 +2634,8 @@
 freectags(Ctags t)
 {
     if (t) {
-	freearray(t->all);
+	if (t->all)
+	    freearray(t->all);
 	zsfree(t->context);
 	freectset(t->sets);
 	zfree(t, sizeof(*t));
diff -u -r oldsrc/utils.c Src/utils.c
--- oldsrc/utils.c	Fri Nov 26 09:53:30 1999
+++ Src/utils.c	Mon Nov 29 10:04:09 1999
@@ -2189,6 +2189,8 @@
 {
     char **t = s;
 
+    DPUTS(!s, "freearray() with zero argument");
+
     while (*s)
 	zsfree(*s++);
     free(t);

--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de

zsh dumps core on ssh <TAB><C-c><C-c><C-d>

[Tanaka Akira]

zsh dumps core as follows:

Z(2):akr@is27e1u11% Src/zsh -f
is27e1u11% bindkey -e; fpath=($PWD/Completion/*(/)); autoload -U compinit; compinit -D; compdef _tst tst
is27e1u11% ssh <TAB><C-c><C-c>
is27e1u11% <C-d>
zsh: segmentation fault (core dumped)  Src/zsh -f
Z(2):akr@is27e1u11% gdb Src/zsh core
...
#0  0x9ed24 in freearray (s=0x0) at utils.c:2192
2192        while (*s)
(gdb) where
#0  0x9ed24 in freearray (s=0x0) at utils.c:2192
#1  0xfefd32a8 in freecadef (d=0x155ca8) at computil.c:460
#2  0xfefdccb0 in finish_ (m=0xd3958) at computil.c:2855
#3  0x67d54 in dyn_finish_module (m=0xd3958) at module.c:581
#4  0x67f38 in finish_module (m=0xd3958) at module.c:621
#5  0x6aff4 in unload_module (m=0xd3958, node=0x0, force=1) at module.c:1301
#6  0x68da4 in exit_modules () at module.c:875
#7  0x27378 in zexit (val=0, from_signal=0) at builtin.c:3204
#8  0x1b280 in main (argc=2, argv=0xffbef48c) at ./main.c:100
(gdb) 
-- 
Tanaka Akira