From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 16577 invoked from network); 6 Sep 2021 10:20:24 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 6 Sep 2021 10:20:24 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1630923624;
	 b=PFfMZQllee85Eisb6i8nZNv10xq0NoT1R5cQowbhUHDcCN3fRcQgGq7ydINM9D4EfRPAJNENWR
	  sJ+ihmUc8XJM8dvN2qCKYtAS9Yx33nA6EtMMuSm1M4/nllZ1oi3tM0Bh0OiTPScYmT7dNGUHOB
	  rnFAO39P3RmUHKdnrmp8x+RFkuLq0Ql4xLj87z8D6M/JSiiVxIe9LEI0e9yG0ryhvergn4PBS5
	  hyVfVMyybPb9pwegyj3fLlZERxkBNr20NiouRREeiL0e/eq5fUPp1mr0+r9+UcB7UT9pEDAHiH
	  bFVPI5tKulhSd6rRbXqHGACOzzo3dpZ/w2aaiT5eIeuufw==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (snd01011-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.27;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1630923624;
	bh=YB7aGJlkAr0im0b0EZaPt4L0rdWNWVTElBagKyvgnbQ=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:Message-ID:In-Reply-To:To:References:Date:Subject:
	  MIME-Version:Content-Transfer-Encoding:Content-Type:From:DKIM-Signature;
	b=KXplATRHl3z7uSsQgziH5ePM/lXyY95I0kBnmM7Gre2l75rjgi+euiso683yGY8WF2joTp6QAt
	  dkdUA+QB+EMPTPrsnPKybOEi+p+4aSgen8towf7L+UMt9bynoB9qc3XRAtUR7yZgGoFHUG6Q9c
	  Do7ZbAwPIqzoN9Y6scVv8q5+aZ8LT8+/eXZY17WFZWzQteponVLEZ8f7OkukeeSdOGhJdIia1w
	  YkbU63YrEYI9/LXYGn2YJYgbXJxZCRloyGP0NcwXYdQGMsb/0r4VArOO5eQSH/0DnFAERUtHW1
	  RY8HnxaTa9nAhWvziLgdIwrDHS0kKNTNoHLRDQ0Jd0Vkqw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:Message-Id:In-Reply-To:To:References:
	Date:Subject:Mime-Version:Content-Transfer-Encoding:Content-Type:From:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=QCdzk2wzApCIgjKDvzWZ2vv3Fm3yh+EOQHFclaK4oBA=; b=RMLbF9FfAwzALOnQONcjSXbNJc
	UJZzawKNcmPR7w8l57Jc0ftTOlDqxVEZfz8y6G+qYd+ydF0WbaVOM9/dRDpBHmV9DjyFOA16U3+l0
	QR8y5mFibwTXwkdbYFrTOGMpbz2Y/7S60bhAM6uMSMhnot/t3x4/oem+ctKkoRRyRIvnbDuL9jKsJ
	YCiupGA2rS9n3XzGmkSRDFth81g4X/gK99SXaqbjBkUqOcztEzf6TfHwuMtogCdKSMqnPaDNmuFWm
	/rWu6pVeGneEwHKmtBDEB+LuYsLEmetZyt17OI59+4bT1QQ6RKv8KRQq0CeQPFV+3PrMM5ZLVieLb
	ziUcIf8w==;
Received: from authenticated user by zero.zsh.org with local 
	id 1mNBjh-000Fd3-Th; Mon, 06 Sep 2021 10:20:21 +0000
Authentication-Results: zsh.org;
	iprev=pass (snd01011-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.27;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
Received: from snd01011-bg.im.kddi.ne.jp ([27.86.113.27]:65473 helo=dfmta1006.biglobe.ne.jp)
	by zero.zsh.org with esmtp 
	id 1mNBjM-000FKt-0V; Mon, 06 Sep 2021 10:20:02 +0000
Received: from mail.biglobe.ne.jp by omta1006.biglobe.ne.jp with ESMTP
          id <20210906101954976.MMHG.124531.mail.biglobe.ne.jp@biglobe.ne.jp>
          for <zsh-workers@zsh.org>; Mon, 6 Sep 2021 19:19:54 +0900
From: Jun T <takimoto-j@kba.biglobe.ne.jp>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Subject: Re: segfault in bindkey -d
Date: Mon, 6 Sep 2021 19:19:54 +0900
References: <YSLJIG0MrkUCspJd@isis.sigpipe.cz>
To: zsh-workers@zsh.org
In-Reply-To: <YSLJIG0MrkUCspJd@isis.sigpipe.cz>
Message-Id: <19B24483-6DFF-44FF-9AFC-BE32EB0ACC1E@kba.biglobe.ne.jp>
X-Mailer: Apple Mail (2.3445.104.21)
X-Biglobe-Sender: takimoto-j@kba.biglobe.ne.jp
X-Seq: 49377
Archived-At: <https://zsh.org/workers/49377>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <mailto:sympa@zsh.org?subject=help>
List-Subscribe: <mailto:sympa@zsh.org?subject=subscribe%20zsh-workers>
List-Unsubscribe: <mailto:sympa@zsh.org?subject=unsubscribe%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>



> 2021/08/23 7:01, Roman Neuhauser <neuhauser@sigpipe.cz> wrote:

Thanks for the report, roman.

> this reliably crashes the shell, both 5.8.0 and zsh-5.8-462-g765bc14:
>=20
> bindkey -N a; bindkey -N b; bindkey -N c; bindkey -N d; bindkey -N e; =
bindkey -d

If five keymaps 'a' .. 'e' are added, total number of keymaps becomes 14 =
=3D 2*7
(7 is the initial size of the hash table 'keymapnamtab'), and =
expandhashtable()
is called for keymapnamtab. As a result order of the keymaps in the =
table changes.

This should not cause any problem, of cause. But with the current code, =
when
removing all the keymaps by 'bindkey -d', we get coredump if 'emacs' is =
removed
before 'main'.

'bindkey -d' calls:
	keymapnamtab->emptytable() =3D emptyhashtable()
   	resizehashtable()
	ht->freenode() (hashtalbe.c:496) =3D freekeymapnamnode() =
(zle_keymap.c)
	unrefkeymap_by_name().

When unrefkeymap_by_name() is called for the 'emacs' keymap, =
scanhashtable() is
called because the reference count of the keymap (return value of =
unrefkeymap(km))
is nonzero and 'main' is the primary name for the keymap.
But calling scanhashtable() for a table that is currently being erased =
can cause
a coredump (at line 400 in hashtable.c).

Since we need not bother correctly setting km->primary when erasing all =
the
keymaps, a possible fix is to create a function to erase keymapnamtab =
and use it
for keymapnamtab->emptytable instead of the general function =
emptyhashtable().

Also added a test in X03zlebindkey.ztst (assuming that adding five =
keymaps will
call expandhashtable() in all the future versions of zsh...).=20


diff --git a/Src/Zle/zle_keymap.c b/Src/Zle/zle_keymap.c
index 2389ab754..d90838f03 100644
--- a/Src/Zle/zle_keymap.c
+++ b/Src/Zle/zle_keymap.c
@@ -155,7 +155,7 @@ createkeymapnamtab(void)
     keymapnamtab =3D newhashtable(7, "keymapnamtab", NULL);
=20
     keymapnamtab->hash        =3D hasher;
-    keymapnamtab->emptytable  =3D emptyhashtable;
+    keymapnamtab->emptytable  =3D emptykeymapnamtab;
     keymapnamtab->filltable   =3D NULL;
     keymapnamtab->cmpnodes    =3D strcmp;
     keymapnamtab->addnode     =3D addhashnode;
@@ -178,6 +178,26 @@ makekeymapnamnode(Keymap keymap)
     return kmn;
 }
=20
+/**/
+static void
+emptykeymapnamtab(HashTable ht)
+{
+    struct hashnode *hn, *hp;
+    int i;
+
+    for (i =3D 0; i < ht->hsize; i++) {
+	for (hn =3D ht->nodes[i]; hn;) {
+	    KeymapName kmn =3D (KeymapName) hn;
+	    hp =3D hn->next;
+	    zsfree(kmn->nam);
+	    unrefkeymap(kmn->keymap);
+	    zfree(kmn, sizeof(*kmn));
+	    hn =3D hp;
+	}
+	ht->nodes[i] =3D NULL;
+    }
+    ht->ct =3D 0;
+}
=20
 /*
  * Reference a keymap from a keymapname.
diff --git a/Test/X03zlebindkey.ztst b/Test/X03zlebindkey.ztst
index d643b1ec9..3e299a337 100644
--- a/Test/X03zlebindkey.ztst
+++ b/Test/X03zlebindkey.ztst
@@ -141,3 +141,18 @@
 >CURSOR: 18
 >BUFFER: echo $(( ##x ) ##x ) y
 >CURSOR: 22
+
+  bindkey -d
+  for name in a b c d e; bindkey -N $name
+  bindkey -d
+  bindkey -l
+0:delete all keymaps after expanding keymapnamtab
+>.safe
+>command
+>emacs
+>isearch
+>main
+>vicmd
+>viins
+>viopp
+>visual