zsh-workers
* core dump while completing: infinite recursion?
@ 2007-12-27 12:37 Jun T.
  2008-01-18 16:27 ` Peter Stephenson
  0 siblings, 1 reply; 2+ messages in thread
From: Jun T. @ 2007-12-27 12:37 UTC (permalink / raw)
  To: zsh-workers

This bug was first reported in the "Apple Discussion"
http://discussions.apple.com/thread.jspa?threadID=1303878&tstart=0

[1] Problem:
zsh (sometimes) core dumps if "case-insensitive" and "partial-completion" matchings are used simultaneously.

[2] How to reproduce the core dump:
Create a file _mycmd in $HOME/.zsh/functions/ with the following contents:

#compdef mycmd
_mydomains() {
        local -a list
        local expl
        list=( a.b.Cx a.b.cy a.b.cz )
        _wanted domains expl domain compadd -M 'r:|.=* r:|=*' -a list
}
_arguments  '*:domains:_mydomains'

and start a new zsh

% zsh -f
zsh% FPATH=$HOME/.zsh/functions:$FPATH
zsh% autoload -U compinit; compinit
zsh% zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}'
zsh% mycmd a.b.c<TAB>

If you hit <TAB>, zsh hangs and eventually core dumps after a few seconds (or minutes). This happens at least on MacOSX and Linux, with zsh-4.3.4-dev-5.

[3] Notes:
It works normally
if "zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}'" is not run, or
if "-M 'r:|.=* r:|=*'" is omitted from _mycmd, or
if the value of "list" is changed to either of
 list=( a.b.Cx a.b.cy )
 list=( a.b.cx a.b.cy a.b.cz )
 list=( b.Cx b.cy b.cz )

[4] Possible cause of the core dump:
It seems there is an infinite recursion of free_cline().
As can be seen in the gdb session log below, Cline list (tree) seems to have a loop "l == l->prefix". But I could not figure out where this loop was created.

% gdb =zsh pid_of_running_zsh
(gdb) b add_match_data
(gdb) cont
Continuing.

--- type 'mycmd a.b.c<TAB>' in the zsh being debugged ---

Breakpoint 1, add_match_data (alt=0, str=0x40009788 "a.b.Cx", 
    orig=0x9849118 "a.b.Cx", line=0x40009590, ipre=0x40009558 "", ripre=0x0, 
    isuf=0x40009560 "", pre=0x0, prpre=0x0, ppre=0x0, pline=0x0, psuf=0x0, 
    sline=0x0, suf=0x0, flags=0, exact=0) at compcore.c:2489
2489        char curchar, *t, *f, *fs, *fe, *new_str = NULL;
(gdb) cont
Continuing.

Breakpoint 1, add_match_data (alt=0, str=0x40009960 "a.b.cy", 
    orig=0x9849128 "a.b.cy", line=0x40009810, ipre=0x40009558 "", ripre=0x0, 
    isuf=0x40009560 "", pre=0x0, prpre=0x0, ppre=0x0, pline=0x0, psuf=0x0, 
    sline=0x0, suf=0x0, flags=0, exact=0) at compcore.c:2489
2489        char curchar, *t, *f, *fs, *fe, *new_str = NULL;
(gdb) cont
Continuing.

Breakpoint 1, add_match_data (alt=0, str=0x40009ba8 "a.b.cz", 
    orig=0x9847fd8 "a.b.cz", line=0x40009928, ipre=0x40009558 "", ripre=0x0, 
    isuf=0x40009560 "", pre=0x0, prpre=0x0, ppre=0x0, pline=0x0, psuf=0x0, 
    sline=0x0, suf=0x0, flags=0, exact=0) at compcore.c:2489
2489        char curchar, *t, *f, *fs, *fe, *new_str = NULL;
(gdb) b join_psfx
Breakpoint 2 at 0x4035dbb4: file compmatch.c, line 1782.
(gdb) cont
Continuing.

Breakpoint 2, join_psfx (ot=0x40009590, nt=0x40009928, orest=0x0, nrest=0x0, 
    sfx=0) at compmatch.c:1782
1782        Cline p = NULL, o, n;
(gdb) cont
Continuing.

Breakpoint 2, join_psfx (ot=0x40009718, nt=0x40009b20, orest=0x0, nrest=0x0, 
    sfx=0) at compmatch.c:1782
1782        Cline p = NULL, o, n;
(gdb) print ot->prefix->prefix
$1 = (Cline) 0x40009638
(gdb) print ot->prefix->prefix->prefix
$2 = (Cline) 0x40009638
(gdb) b free_cline
Breakpoint 3 at 0x40359644: file compmatch.c, line 147.
(gdb) cont
Continuing.

Breakpoint 3, free_cline (l=0x40009cc0) at compmatch.c:147
147         while (l) {
(gdb) print l
$3 = (Cline) 0x40009cc0
(gdb) print l->prefix
$4 = (Cline) 0x40009638
(gdb) print l->prefix->prefix
$5 = (Cline) 0x40009638
(gdb) cont
Continuing.

Breakpoint 3, free_cline (l=0x40009638) at compmatch.c:147
147         while (l) {
(gdb) cont
Continuing.

Breakpoint 3, free_cline (l=0x40009638) at compmatch.c:147
147         while (l) {
(gdb) bt
#0  free_cline (l=0x40009638) at compmatch.c:147
#1  0x40359674 in free_cline (l=0x40009638) at compmatch.c:151
#2  0x40359674 in free_cline (l=0x40009cc0) at compmatch.c:151
#3  0x4035e12a in join_psfx (ot=0x40009718, nt=0x40009b20, orest=0x0, 
    nrest=0x0, sfx=0) at compmatch.c:1916
#4  0x4035e4f9 in sub_join (a=0x40009718, b=0x40009b20, e=0x40009b20, anew=0)
    at compmatch.c:2019
#5  0x4035ee3e in join_clines (o=0x40009718, n=0x40009848) at compmatch.c:2244
#6  0x40357596 in add_match_data (alt=0, str=0x40009ba8 "a.b.cz", 
    orig=0x8d018c0 "a.b.cz", line=0x40009928, ipre=0x40009558 "", ripre=0x0, 
    isuf=0x40009560 "", pre=0x0, prpre=0x0, ppre=0x0, pline=0x0, psuf=0x0, 
    sline=0x0, suf=0x0, flags=0, exact=0) at compcore.c:2835
#7  0x40355c98 in addmatches (dat=0xbfdd50a4, argv=0x8cb4238)
    at compcore.c:2399
#8  0x4034c74f in bin_compadd (name=0x4039bbc8 "compadd", argv=0xbfdd514c, 
    ops=0xbfdd5190, func=0) at complete.c:638
#9  0x08052f4a in execbuiltin (args=0x4039bae8, bn=0x40368ae0) at builtin.c:438
#10 0x0806ec4c in execcmd (state=0xbfdd6ebc, input=0, output=0, how=2, last1=2)
    at exec.c:2925
#11 0x0806a844 in execpline2 (state=0xbfdd6ebc, pcode=2563, how=2, input=0, 
    output=0, last1=0) at exec.c:1489
#12 0x08069c26 in execpline (state=0xbfdd6ebc, slcode=5154, how=2, last1=0)
    at exec.c:1275
.....
#256 0x08082511 in loop (toplevel=1, justonce=0) at init.c:129
#257 0x080851ed in zsh_main (argc=2, argv=0xbfdec1e4) at init.c:1352
#258 0x08052626 in main (argc=0, argv=0x0) at ./main.c:93



* Re: core dump while completing: infinite recursion?
  2007-12-27 12:37 core dump while completing: infinite recursion? Jun T.
@ 2008-01-18 16:27 ` Peter Stephenson
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2008-01-18 16:27 UTC (permalink / raw)
  To: Jun T., zsh-workers

On Thu, 27 Dec 2007 21:37:01 +0900
"Jun T." <takimoto-j@kba.biglobe.ne.jp> wrote:
> This bug was first reported in the "Apple Discussion"
> http://discussions.apple.com/thread.jspa?threadID=1303878&tstart=0
> 
> [1] Problem:
> zsh (sometimes) core dumps if "case-insensitive" and "partial-completion"
> matchings are used simultaneously.

Thanks for the detailed instructions; I got this to happen easily when I
finally looked.

It seems to fix it if we do a "deep" copy of the structures involved at one
point in the code.  The code here is particularly obscure, but I think this
was originally done as a matter of efficiency, so this should be OK.

Index: Src/Zle/compmatch.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Zle/compmatch.c,v
retrieving revision 1.52
diff -u -r1.52 compmatch.c
--- Src/Zle/compmatch.c	28 Nov 2007 21:14:14 -0000	1.52
+++ Src/Zle/compmatch.c	18 Jan 2008 16:23:33 -0000
@@ -2003,8 +2003,8 @@
 	ca = a->prefix;
 
 	while (n) {
-	    e->prefix = cp_cline(n, 0);
-	    a->prefix = cp_cline(ca, 0);
+	    e->prefix = cp_cline(n, 1);
+	    a->prefix = cp_cline(ca, 1);
 
 	    if (anew) {
 		int f = e->flags;
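
Review bot: the two cp_cline() calls at the top of the while (n) loop switch their second argument from 0 to 1 with no comment saying what that flag selects or why a deep copy is required at this spot. A short comment above them, noting that sharing prefix nodes here led to a self-referencing prefix list and unbounded recursion in free_cline(), would stop the change being reverted later as an optimisation. Because both copies are made on every pass of the loop, it is also worth confirming that the values previously held in e->prefix and a->prefix are released or live in memory that is freed in bulk; the hunk does not show that.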

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070
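
A simplified model of the failure discussed in this thread, as an added example that is not part of either message and is not zsh's code: it shows how a shallow copy that shares a prefix chain lets a later in-place edit produce the `l == l->prefix` loop seen in the gdb log, and how a deep copy avoids it. `struct node`, `cp_node`, `splice_prefix` and `prefix_cycle` are hypothetical names, and the splice step is an assumed edit, not a claim about which line of compmatch.c created the loop.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy node, NOT zsh's struct cline: only the two links that matter here. */
struct node { struct node *next, *prefix; };

static struct node *mk(struct node *prefix) {
    struct node *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->prefix = prefix;
    return n;
}

/* Copy a list; deep == 0 shares each prefix chain, deep != 0 duplicates it. */
static struct node *cp_node(const struct node *l, int deep) {
    struct node *r = NULL, **p = &r;
    for (; l; l = l->next) {
        *p = mk(deep ? cp_node(l->prefix, 1) : l->prefix);
        p = &(*p)->next;
    }
    return r;
}

/* Assumed in-place edit: hang src's prefix chain off the tail of dst's.
 * dst->prefix must be non-NULL. */
static void splice_prefix(struct node *dst, struct node *src) {
    struct node *t = dst->prefix;
    while (t->prefix) t = t->prefix;
    t->prefix = src->prefix;
}

/* Floyd's check: 1 if following ->prefix from l ever revisits a node. */
static int prefix_cycle(const struct node *l) {
    const struct node *slow = l, *fast = l;
    while (fast && fast->prefix) {
        slow = slow->prefix;
        fast = fast->prefix->prefix;
        if (slow == fast) return 1;
    }
    return 0;
}

/* Build orig -> P, copy it, splice, and report whether a loop resulted.
 * Nodes are leaked on purpose: a recursive free of the looped chain
 * would never terminate, which is the crash reported above. */
static int loop_after_copy(int deep) {
    struct node *orig = mk(mk(NULL));
    struct node *copy = cp_node(orig, deep);
    splice_prefix(copy, orig);
    return prefix_cycle(copy);
}

int main(void) {
    printf("shallow copy: loop=%d\n", loop_after_copy(0));
    printf("deep copy:    loop=%d\n", loop_after_copy(1));
    return 0;
}
```

A check like `prefix_cycle` can be called from a debug assertion before any recursive free, so the aliasing shows up as a failed assertion rather than a stack overflow.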

