zsh-workers
* Re: Bug#535232: zsh: segfaults while trying to free in hend
From: Clint Adams @ 2009-08-09 18:47 UTC (permalink / raw)
  To: Alec Berryman, 535232; +Cc: zsh-workers

On Tue, Jun 30, 2009 at 06:21:33PM -0400, Alec Berryman wrote:
> Recently (one or two weeks, probably when I upgraded to the current version of
> zsh), I've been seeing intermittent segfaults - I'll run a command like less or
> cd and my terminal will die on me.  I've never seen it happen in a long-running
> shell; if it makes it through the first few commands, everything works.
> 
> I got the attached backtrace.

Thanks.

> (run as 'MALLOC_CHECK_=2 gdb /bin/zsh4' with zsh 4.3.10-2)
> 
> 
> Script started on Tue 30 Jun 2009 05:41:18 PM EDT
> GNU gdb 6.8-debian
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu"...
> (gdb) run
> Starting program: /bin/zsh4 
> /home/aberryman/dotfiles/bash/interactive-shell:bindkey:281: warning: `bindkey -m' disables multibyte support
> ^[]2;deng-aberr:  /home/aberryman\a^[]1;deng-aberr\a/etc/zsh/zshrc:unalias:42: no such hash table element: run-help
> ^[]2;deng-aberr:  /home/aberryman\a^[]1;deng-aberr\a^[[1m^[[7m%^[[27m^[[1m^[[0m                                                                                                                                   
> 
> ^[[0m^[[27m^[[24m^[[J^[[1m[~] deng-aberr|^[[0m ^[[Kq\bqpx gt0
> [... some stuff censored, command just sets up some environment variables ...]
> /home/aberryman/dotfiles/bash/interactive-shell:bindkey:281: warning: `bindkey -m' disables multibyte support
> ^[]2;[QPX:gt0]  deng-aberr:  /home/aberryman\a^[]1;deng-aberr\a^[[1m^[[7m%^[[27m^[[1m^[[0m                                                                                                                                   
> 
> ^[[0m^[[27m^[[24m^[[J^[[1m[~] deng-aberr|^[[0m ^[[Kc\bcd $Q
> 
> Program received signal SIGABRT, Aborted.
> 0x00002ad0ef999065 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> 	in ../nptl/sysdeps/unix/sysv/linux/raise.c
> (gdb) backtrace full
> #0  0x00002ad0ef999065 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 	pid = <value optimized out>
> 	selftid = <value optimized out>
> #1  0x00002ad0ef99c153 in *__GI_abort () at abort.c:88
> 	act = {__sigaction_handler = {sa_handler = 0x48f682, sa_sigaction = 0x48f682}, sa_mask = {__val = {7022288, 
>       140736343534660, 4781697, 140736343534576, 4732811, 0, 4594111, 4971973988617027653, 4781697, 76, 1, 128, 4585798, 
>       140736343534660, 4736491, 4781791}}, sa_flags = 4415891, sa_restorer = 0x7fffbbc36ce0}
> 	sigs = {__val = {32, 0 <repeats 15 times>}}
> #2  0x00002ad0ef9d9140 in malloc_printerr (action=2, str=0x2ad0efa814cd "free(): invalid pointer", ptr=0x806) at malloc.c:5999
> No locals.
> #3  0x000000000043b90c in hend (prog=0x0) at ../../Src/hist.c:1271
> 	hookargs = <value optimized out>
> 	flag = 8
> 	save = 0
> 	hookret = 0
> 	stack_pos = 0
> 	hf = 0xd17440 "/home/aberryman/.history"
> #4  0x0000000000440e8e in loop (toplevel=1, justonce=0) at ../../Src/init.c:150
> 	prog = (Eprog) 0x2ad0eefdb700
> #5  0x0000000000441d56 in zsh_main (argc=<value optimized out>, argv=<value optimized out>) at ../../Src/init.c:1409
> 	t = <value optimized out>
> #6  0x00002ad0ef9855a6 in __libc_start_main (main=0x40fbc0 <main>, argc=1, ubp_av=0x7fffbbc37028, init=0x48d250 <__libc_csu_init>, 
>     fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffbbc37018) at libc-start.c:222
> 	result = <value optimized out>
> 	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4772432, -8474123038685510702, 4258512, 140736343535648, 0, 0, 
>         8474273082816742354, -2322728423309425710}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x1, 0x40fbc0}, data = {
>       prev = 0x0, cleanup = 0x0, canceltype = 1}}}
> 	not_first_call = <value optimized out>
> #7  0x000000000040faf9 in _start () at ../sysdeps/x86_64/elf/start.S:113
> No locals.
> (gdb) frame 3
> #3  0x000000000043b90c in hend (prog=0x0) at ../../Src/hist.c:1271
> 1271	../../Src/hist.c: No such file or directory.
> 	in ../../Src/hist.c
> (gdb) info locals
> hookargs = <value optimized out>
> flag = 8
> save = 0
> hookret = 0
> stack_pos = 0
> hf = 0xd17440 "/home/aberryman/.history"
> (gdb) print chwords
> $1 = (short int *) 0xd20b50
> (gdb) print chwords
> $2 = 0
> (gdb) print chline
> $3 = 0xd49c50 ""
> (gdb) print chwordlen
> $4 = 64
> (gdb) print chwords[64]
> $5 = 144
> (gdb) print *chwords[65]
> $6 = 0
> (gdb) print chline
> $7 = 0xd49c50 ""
> (gdb) print hlinesz
> $8 = 64
> (gdb) print chline[hlinesz]
> $9 = 10 '\n'
> (gdb) print chline[hlinesz+1]
> $10 = 0 '\0'
> (gdb) quit
> The program is running.  Exit anyway? (y or n) y
> 
> 
> hist.c:1271 is a zfree on chwords, but that array still exists, as does the one freed in the previous line, chline



* Re: Bug#535232: zsh: segfaults while trying to free in hend
From: Peter Stephenson @ 2009-08-16 19:01 UTC (permalink / raw)
  To: zsh-workers; +Cc: 535232

On Sun, 9 Aug 2009 18:47:21 +0000
Clint Adams <schizo@debian.org> wrote:
> On Tue, Jun 30, 2009 at 06:21:33PM -0400, Alec Berryman wrote:
>> Recently (one or two weeks, probably when I upgraded to the current
>> version of zsh), I've been seeing intermittent segfaults - I'll run a
>> command like less or cd and my terminal will die on me.  I've never
>> seen it happen in a long-running shell; if it makes it through the
>> first few commands, everything works.

The following is at least safe and good practice, but it's impossible to
tell if it's the root of the problem.

Index: Src/hist.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/hist.c,v
retrieving revision 1.94
diff -u -r1.94 hist.c
--- Src/hist.c	23 Mar 2009 12:17:33 -0000	1.94
+++ Src/hist.c	16 Aug 2009 18:59:10 -0000
@@ -1156,6 +1156,7 @@
 	zfree(chline, hlinesz);
 	zfree(chwords, chwordlen*sizeof(short));
 	chline = NULL;
+	chwords = NULL;
 	histactive = 0;
 	unqueue_signals();
 	return 1;
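Review bot: chwordlen and hlinesz keep their previous values after `chwords = NULL;` and `chline = NULL;` in this hunk, so each pointer/length pair is left inconsistent (NULL pointer, non-zero size) until the next allocation. Consider zeroing both sizes next to the pointer resets, or confirming that every reader tests the pointer before trusting the length. The same free-and-clear sequence is repeated in the hunk at 1270, so a small shared helper would keep the two sites from drifting apart again.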
@@ -1270,6 +1271,7 @@
     zfree(chline, hlinesz);
     zfree(chwords, chwordlen*sizeof(short));
     chline = NULL;
+    chwords = NULL;
     histactive = 0;
     if (isset(SHAREHISTORY)? histfileIsLocked() : isset(INCAPPENDHISTORY))
 	savehistfile(hf, 0, HFILE_USE_OPTIONS | HFILE_FAST);
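Review bot: the added `chwords = NULL;` runs only after `zfree(chwords, chwordlen*sizeof(short));` has returned, so it protects later passes through this path but not a chwords that is already invalid on entry, which is the state the report describes at hist.c:1271 (free(): invalid pointer). With both free sites now clearing the pointers, a check before the two zfree calls that chline and chwords are non-NULL would show whether this path is being reached after an earlier release.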


-- 
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/
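The clear-after-free practice discussed in this message, as an added example that is not part of the original post or of the zsh source: two release paths run back to back, and the second finds nothing to free because pointer and size were reset together. The struct, the function names and the use of plain free() instead of zsh's zfree() are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the history state: two heap buffers,
 * each tracked with its size, plus an "active" flag. */
struct hist_state {
    char  *line;      /* plays the role of chline    */
    size_t linesz;    /* plays the role of hlinesz   */
    short *words;     /* plays the role of chwords   */
    size_t wordlen;   /* plays the role of chwordlen */
    int    active;
};

/* Release path shared by every exit: free, then clear pointer and size
 * together.  Returns the number of buffers actually released, so a
 * caller can see that a repeated call had nothing left to free. */
int hist_release(struct hist_state *h)
{
    int released = 0;
    if (h->line)  { free(h->line);  released++; }
    if (h->words) { free(h->words); released++; }
    h->line = NULL;   h->linesz = 0;
    h->words = NULL;  h->wordlen = 0;
    h->active = 0;
    return released;
}

/* Allocate both buffers; returns 0 on success, -1 on failure. */
int hist_begin(struct hist_state *h, size_t n)
{
    h->line = calloc(n, 1);
    h->words = calloc(n, sizeof(short));
    if (!h->line || !h->words) {
        hist_release(h);          /* frees whichever one succeeded */
        return -1;
    }
    h->linesz = h->wordlen = n;
    h->active = 1;
    return 0;
}

/* Two exit paths run back to back; exits 0 when the second is a no-op. */
int main(void)
{
    struct hist_state h = {0};
    if (hist_begin(&h, 64) != 0) return 1;
    int first = hist_release(&h);    /* 2: both buffers freed */
    int second = hist_release(&h);   /* 0: pointers already NULL */
    return (first == 2 && second == 0) ? 0 : 1;
}
```

Without the two NULL assignments in hist_release(), the second call would pass already-freed pointers to free(), which glibc with MALLOC_CHECK_=2 turns into an abort.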

