From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-20135-mason-zsh=primenet.com.au@sunsite.dk>
Received: (qmail 5208 invoked from network); 6 Jul 2004 19:23:55 -0000
Received: from odin.dotsrc.org (HELO a.mx.sunsite.dk) (130.225.247.85)
  by ns1.primenet.com.au with SMTP; 6 Jul 2004 19:23:55 -0000
Received: (qmail 7473 invoked from network); 6 Jul 2004 20:39:13 -0000
Received: from sunsite.dk (130.225.247.90)
  by a.mx.sunsite.dk with SMTP; 6 Jul 2004 20:39:13 -0000
Received: (qmail 15744 invoked by alias); 6 Jul 2004 19:23:39 -0000
Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 20135
Received: (qmail 15735 invoked from network); 6 Jul 2004 19:23:39 -0000
Received: from odin.dotsrc.org (HELO a.mx.sunsite.dk) (qmailr@130.225.247.85)
  by sunsite.dk with SMTP; 6 Jul 2004 19:23:39 -0000
Received: (qmail 7236 invoked from network); 6 Jul 2004 20:39:05 -0000
Received: from acolyte.scowler.net (216.254.112.45)
  by a.mx.sunsite.dk with SMTP; 6 Jul 2004 20:38:52 -0000
Received: from localhost (localhost [127.0.0.1])
	by acolyte.scowler.net (Postfix) with ESMTP id 86BF570053;
	Tue,  6 Jul 2004 15:22:54 -0400 (EDT)
Received: from acolyte.scowler.net ([127.0.0.1])
	by localhost (acolyte [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id 05303-02; Tue, 6 Jul 2004 15:22:27 -0400 (EDT)
Received: by acolyte.scowler.net (Postfix, from userid 1000)
	id DE8AF7004F; Tue,  6 Jul 2004 15:22:23 -0400 (EDT)
Date: Tue, 6 Jul 2004 15:22:23 -0400
From: Clint Adams <clint@zsh.org>
To: zsh-workers@sunsite.dk
Cc: Matt Zimmerman <mdz@debian.org>, 251378@bugs.debian.org,
	251378-submitter@debian.org
Subject: Re: Bug#251378: zsh: segfaults when globing includes too many files
Message-ID: <20040706192223.GA378@scowler.net>
References: <20040528131425.GC2289@via.ecp.fr> <20040528135026.GA21637@scowler.net> <20040528135729.GD2289@via.ecp.fr> <20040528141431.GA30024@scowler.net> <20040528142505.GE2289@via.ecp.fr> <20040528174021.GA5975@scowler.net> <20040528190653.GA2661@via.ecp.fr> <20040706181235.GA32727@scowler.net> <20040706184752.GC1881@alcor.net> <20040706185926.GA14980@scowler.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040706185926.GA14980@scowler.net>
User-Agent: Mutt/1.5.6+20040523i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at scowler.net
X-Spam-Checker-Version: SpamAssassin 2.63 on a.mx.sunsite.dk
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=6.0 tests=none autolearn=no version=2.63
X-Spam-Hits: 0.0

> I can't reproduce this yet, but some people are experiencing segfaults
> when globbing in /usr/share/doc.  The source shown below includes 19920.
> This also happens with HEAD, I think.

Also this.  So h->next is getting corrupted somewhere?

--Fwd--
(gdb) list
348     #endif
349
350         /* find a heap with enough free space */
351
352         for (h = ((fheap && ARENA_SIZEOF(fheap) >= (size + fheap->used))
353                   ? fheap : heaps);
354              h; h = h->next) {
355             if (ARENA_SIZEOF(h) >= (n = size + h->used)) {
356                 void *ret;
357
(gdb) print fheap
$8 = 0x40343000
(gdb) print fheap->used
Cannot access memory at address 0x40343008
(gdb)
--Fwd--