From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-9458-mason-zsh=primenet.com.au@sunsite.auc.dk>
Received: (qmail 8137 invoked from network); 28 Jan 2000 13:57:11 -0000
Received: from sunsite.auc.dk (130.225.51.30)
  by ns1.primenet.com.au with SMTP; 28 Jan 2000 13:57:11 -0000
Received: (qmail 1603 invoked by alias); 28 Jan 2000 13:56:02 -0000
Mailing-List: contact zsh-workers-help@sunsite.auc.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 9458
Received: (qmail 1586 invoked from network); 28 Jan 2000 13:55:58 -0000
Date: Fri, 28 Jan 2000 14:55:53 +0100 (MET)
Message-Id: <200001281355.OAA25741@beta.informatik.hu-berlin.de>
From: Sven Wischnowsky <wischnow@informatik.hu-berlin.de>
To: zsh-workers@sunsite.auc.dk
In-reply-to: Tanaka Akira's message of 26 Jan 2000 20:54:15 +0900
Subject: Re: core dump with completion


Tanaka Akira wrote:

> In article <200001261009.LAA16179@beta.informatik.hu-berlin.de>,
>   Sven Wischnowsky <wischnow@informatik.hu-berlin.de> writes:
> 
> > But I can't repeat the bug. Tanaka, can you try it using --enable-zsh-mem,
> > --enable-secure-free and --enable-mem-warining? That may (or may not)
> > give us more information where it is actually failing. Also: does it
> > use mmap for heaps on Solaris 7?
> 
> zsh built with 
>   ./configure --prefix=/space/akr/zsh/tmp --enable-zsh-debug --enable-zsh-mem-debug --enable-zsh-mem --enable-secure-free --enable-mem-warining
> doesn't dump core.  It seems to work well.
> 
> Since `egrep 'HAVE_SYS_MMAN_H|HAVE_MMAP|HAVE_MUNMAP' config.h' says
> follows, mmap is used, maybe.
> 
> #define HAVE_MMAP 1
> #define HAVE_MUNMAP 1
> #define HAVE_SYS_MMAN_H 1
> 
> Also note that I found zsh patched upto 9419 doesn't have the problem.
> So I suspect the problem is related to 9421.

That was a hint... I still couldn't reproduce it (of course, that
would have been too easy, sigh), but I found a place where freed
memory was accessed. So, if the allocator somehow re-uses the
memory...

The last hunk makes zsh use heap memory when listing the completions,
Tanaka, could you please try it without that hunk? To see if the other
stuff fixes the bug.

Bye
 Sven

diff -ru ../z.old/Src/Zle/complete.c Src/Zle/complete.c
--- ../z.old/Src/Zle/complete.c	Fri Jan 28 14:08:53 2000
+++ Src/Zle/complete.c	Fri Jan 28 14:45:44 2000
@@ -1026,7 +1026,7 @@
 
     comprpms[CPN_COMPSTATE] = cpm;
     tht = paramtab;
-    cpm->level = locallevel;
+    cpm->level = locallevel + 1;
     cpm->gets.hfn = get_compstate;
     cpm->sets.hfn = set_compstate;
     cpm->unsetfn = compunsetfn;
@@ -1146,8 +1146,24 @@
 	    }
 	}
     } else if (PM_TYPE(pm->flags) == PM_HASHED) {
+	Param *p;
+	int i;
+
 	deletehashtable(pm->u.hash);
 	pm->u.hash = NULL;
+
+	for (p = compkpms, i = CP_KEYPARAMS; i--; p++)
+	    *p = NULL;
+    }
+    if (!exp) {
+	Param *p;
+	int i;
+
+	for (p = comprpms, i = CP_REALPARAMS; i; p++, i--)
+	    if (*p == pm) {
+		*p = NULL;
+		break;
+	    }
     }
 }
 
@@ -1159,18 +1175,22 @@
 
     if (comprpms && (rset >= 0 || runset >= 0)) {
 	for (p = comprpms; rset || runset; rset >>= 1, runset >>= 1, p++) {
-	    if (rset & 1)
-		(*p)->flags &= ~PM_UNSET;
-	    if (runset & 1)
-		(*p)->flags |= PM_UNSET;
+	    if (*p) {
+		if (rset & 1)
+		    (*p)->flags &= ~PM_UNSET;
+		if (runset & 1)
+		    (*p)->flags |= PM_UNSET;
+	    }
 	}
     }
-    if (comprpms && (kset >= 0 || kunset >= 0)) {
+    if (compkpms && (kset >= 0 || kunset >= 0)) {
 	for (p = compkpms; kset || kunset; kset >>= 1, kunset >>= 1, p++) {
-	    if (kset & 1)
-		(*p)->flags &= ~PM_UNSET;
-	    if (kunset & 1)
-		(*p)->flags |= PM_UNSET;
+	    if (*p) {
+		if (kset & 1)
+		    (*p)->flags &= ~PM_UNSET;
+		if (kunset & 1)
+		    (*p)->flags |= PM_UNSET;
+	    }
 	}
     }
 }
diff -ru ../z.old/Src/Zle/compresult.c Src/Zle/compresult.c
--- ../z.old/Src/Zle/compresult.c	Fri Jan 28 14:08:54 2000
+++ Src/Zle/compresult.c	Fri Jan 28 14:50:19 2000
@@ -1828,19 +1828,24 @@
 list_matches(Hookdef dummy, void *dummy2)
 {
     struct chdata dat;
+    int ret;
 
+    HEAPALLOC {
 #ifdef DEBUG
-    /* Sanity check */
-    if (!validlist) {
-	showmsg("BUG: listmatches called with bogus list");
-	return 1;
-    }
+	/* Sanity check */
+	if (!validlist) {
+	    showmsg("BUG: listmatches called with bogus list");
+	    return 1;
+	}
 #endif
 
-    dat.matches = amatches;
-    dat.num = nmatches;
-    dat.cur = NULL;
-    return runhookdef(COMPLISTMATCHESHOOK, (void *) &dat);
+	dat.matches = amatches;
+	dat.num = nmatches;
+	dat.cur = NULL;
+	ret = runhookdef(COMPLISTMATCHESHOOK, (void *) &dat);
+    } LASTALLOC;
+
+    return ret;
 }
 
 /* Invalidate the completion list. */

--
Sven Wischnowsky                         wischnow@informatik.hu-berlin.de