* Re: Bug#535232: zsh: segfaults while trying to free in hend
[not found] <20090630222133.8940.9856.reportbug@deng-aberr.internal.itasoftware.com>
@ 2009-08-09 18:47 ` Clint Adams
2009-08-16 19:01 ` Peter Stephenson
0 siblings, 1 reply; 2+ messages in thread
From: Clint Adams @ 2009-08-09 18:47 UTC (permalink / raw)
To: Alec Berryman, 535232; +Cc: zsh-workers
On Tue, Jun 30, 2009 at 06:21:33PM -0400, Alec Berryman wrote:
> Recently (one or two weeks, probably when I upgraded to the current version of
> zsh), I've been seeing intermittent segfaults - I'll run a command like less or
> cd and my terminal will die on me. I've never seen it happen in a long-running
> shell; if it makes it through the first few commands, everything works.
>
> I got the attached backtrace.
Thanks.
> (run as 'MALLOC_CHECK_=2 gdb /bin/zsh4' with zsh 4.3.10-2)
>
>
> Script started on Tue 30 Jun 2009 05:41:18 PM EDT
> GNU gdb 6.8-debian
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu"...
> (gdb) run
> Starting program: /bin/zsh4
> /home/aberryman/dotfiles/bash/interactive-shell:bindkey:281: warning: `bindkey -m' disables multibyte support
> ^[]2;deng-aberr: /home/aberryman\a^[]1;deng-aberr\a/etc/zsh/zshrc:unalias:42: no such hash table element: run-help
> ^[]2;deng-aberr: /home/aberryman\a^[]1;deng-aberr\a^[[1m^[[7m%^[[27m^[[1m^[[0m
>
> ^[[0m^[[27m^[[24m^[[J^[[1m[~] deng-aberr|^[[0m ^[[Kq\bqpx gt0
> [... some stuff censored, command just sets up some environment variables ...]
> /home/aberryman/dotfiles/bash/interactive-shell:bindkey:281: warning: `bindkey -m' disables multibyte support
> ^[]2;[QPX:gt0] deng-aberr: /home/aberryman\a^[]1;deng-aberr\a^[[1m^[[7m%^[[27m^[[1m^[[0m
>
> ^[[0m^[[27m^[[24m^[[J^[[1m[~] deng-aberr|^[[0m ^[[Kc\bcd $Q
>
> Program received signal SIGABRT, Aborted.
> 0x00002ad0ef999065 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> in ../nptl/sysdeps/unix/sysv/linux/raise.c
> (gdb) backtrace full
> #0 0x00002ad0ef999065 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> pid = <value optimized out>
> selftid = <value optimized out>
> #1 0x00002ad0ef99c153 in *__GI_abort () at abort.c:88
> act = {__sigaction_handler = {sa_handler = 0x48f682, sa_sigaction = 0x48f682}, sa_mask = {__val = {7022288,
> 140736343534660, 4781697, 140736343534576, 4732811, 0, 4594111, 4971973988617027653, 4781697, 76, 1, 128, 4585798,
> 140736343534660, 4736491, 4781791}}, sa_flags = 4415891, sa_restorer = 0x7fffbbc36ce0}
> sigs = {__val = {32, 0 <repeats 15 times>}}
> #2 0x00002ad0ef9d9140 in malloc_printerr (action=2, str=0x2ad0efa814cd "free(): invalid pointer", ptr=0x806) at malloc.c:5999
> No locals.
> #3 0x000000000043b90c in hend (prog=0x0) at ../../Src/hist.c:1271
> hookargs = <value optimized out>
> flag = 8
> save = 0
> hookret = 0
> stack_pos = 0
> hf = 0xd17440 "/home/aberryman/.history"
> #4 0x0000000000440e8e in loop (toplevel=1, justonce=0) at ../../Src/init.c:150
> prog = (Eprog) 0x2ad0eefdb700
> #5 0x0000000000441d56 in zsh_main (argc=<value optimized out>, argv=<value optimized out>) at ../../Src/init.c:1409
> t = <value optimized out>
> #6 0x00002ad0ef9855a6 in __libc_start_main (main=0x40fbc0 <main>, argc=1, ubp_av=0x7fffbbc37028, init=0x48d250 <__libc_csu_init>,
> fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffbbc37018) at libc-start.c:222
> result = <value optimized out>
> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4772432, -8474123038685510702, 4258512, 140736343535648, 0, 0,
> 8474273082816742354, -2322728423309425710}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x1, 0x40fbc0}, data = {
> prev = 0x0, cleanup = 0x0, canceltype = 1}}}
> not_first_call = <value optimized out>
> #7 0x000000000040faf9 in _start () at ../sysdeps/x86_64/elf/start.S:113
> No locals.
> (gdb) frame 3
> #3 0x000000000043b90c in hend (prog=0x0) at ../../Src/hist.c:1271
> 1271 ../../Src/hist.c: No such file or directory.
> in ../../Src/hist.c
> (gdb) info locals
> hookargs = <value optimized out>
> flag = 8
> save = 0
> hookret = 0
> stack_pos = 0
> hf = 0xd17440 "/home/aberryman/.history"
> (gdb) print chwords
> $1 = (short int *) 0xd20b50
> (gdb) print chwords
> $2 = 0
> (gdb) print chline
> $3 = 0xd49c50 ""
> (gdb) print chwordlen
> $4 = 64
> (gdb) print chwords[64]
> $5 = 144
> (gdb) print *chwords[65]
> $6 = 0
> (gdb) print chline
> $7 = 0xd49c50 ""
> (gdb) print hlinesz
> $8 = 64
> (gdb) print chline[hlinesz]
> $9 = 10 '\n'
> (gdb) print chline[hlinesz+1]
> $10 = 0 '\0'
> (gdb) quit
> The program is running. Exit anyway? (y or n) y
>
>
> hist.c:1271 is a zfree on chwords, but that array still exists, as does the one freed in the previous line, chline
* Re: Bug#535232: zsh: segfaults while trying to free in hend
2009-08-09 18:47 ` Bug#535232: zsh: segfaults while trying to free in hend Clint Adams
@ 2009-08-16 19:01 ` Peter Stephenson
0 siblings, 0 replies; 2+ messages in thread
From: Peter Stephenson @ 2009-08-16 19:01 UTC (permalink / raw)
To: zsh-workers; +Cc: 535232
On Sun, 9 Aug 2009 18:47:21 +0000
Clint Adams <schizo@debian.org> wrote:
> On Tue, Jun 30, 2009 at 06:21:33PM -0400, Alec Berryman wrote:
>> Recently (one or two weeks, probably when I upgraded to the current
>> version of zsh), I've been seeing intermittent segfaults - I'll run a
>> command like less or cd and my terminal will die on me. I've never
>> seen it happen in a long-running shell; if it makes it through the
>> first few commands, everything works.
The following is at least safe and good practice, but it's impossible to
tell if it's the root of the problem.
Index: Src/hist.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/hist.c,v
retrieving revision 1.94
diff -u -r1.94 hist.c
--- Src/hist.c 23 Mar 2009 12:17:33 -0000 1.94
+++ Src/hist.c 16 Aug 2009 18:59:10 -0000
@@ -1156,6 +1156,7 @@
zfree(chline, hlinesz);
zfree(chwords, chwordlen*sizeof(short));
chline = NULL;
+ chwords = NULL;
histactive = 0;
unqueue_signals();
return 1;
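Review bot: at the new `chwords = NULL;` line, the sizes passed to the two `zfree` calls just above (`hlinesz` and `chwordlen`) keep their old values, so on this return path each pointer is NULL while its recorded length is still non-zero. Consider zeroing both lengths in the same place, or add a comment naming where they are reinitialised before the next use, so a reader does not have to verify that pointer and length cannot be used out of step.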
@@ -1270,6 +1271,7 @@
zfree(chline, hlinesz);
zfree(chwords, chwordlen*sizeof(short));
chline = NULL;
+ chwords = NULL;
histactive = 0;
if (isset(SHAREHISTORY)? histfileIsLocked() : isset(INCAPPENDHISTORY))
savehistfile(hf, 0, HFILE_USE_OPTIONS | HFILE_FAST);
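Review bot: the teardown ending at the new `chwords = NULL;` line is a line-for-line copy of the one in the hunk at 1156, and the patch is needed precisely because the two pointers were not being reset together. Moving the `zfree(chline, ...)`, `zfree(chwords, ...)` and NULL assignments into one small helper called from both sites would keep them from drifting apart again. The commit message should also say that `zfree` is expected to accept a NULL pointer, since both calls are unconditional and the benefit on a repeated pass through this code depends on that.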
--
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/
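What resetting both pointers buys, as an added example that is not part of the thread or of zsh's source: a toy two-slot allocator counts repeated releases when a teardown shaped like the one in the patch runs twice. The names `line_buf`, `words_buf`, `slot_alloc`, `slot_free` and `run_twice` are hypothetical, and the assumptions are that the teardown path can be reached a second time without a fresh allocation (the thread does not establish this) and that releasing NULL is a no-op.

```c
#include <stdio.h>

/* Toy allocator (constructed): two slots with a live flag; repeated release is counted. */
static struct slot { int live; char mem[128]; } pool[2];
static int bad_frees;
static void *slot_alloc(int i) { pool[i].live = 1; return pool[i].mem; }

static void slot_free(void *p)
{
    if (!p) return;                     /* assumption: NULL is a no-op, as with free() */
    for (int i = 0; i < 2; i++)
        if (p == (void *)pool[i].mem) {
            if (!pool[i].live) bad_frees++;   /* stale pointer released again */
            pool[i].live = 0;
        }
}

/* Hypothetical stand-ins for the chline / chwords pair in hist.c. */
static char *line_buf;
static short *words_buf;
static void hist_begin(void) { line_buf = slot_alloc(0); words_buf = slot_alloc(1); }

/* Teardown shaped like the code before the patch: one pointer reset. */
static void hist_end_before(void)
{
    slot_free(line_buf); slot_free(words_buf);
    line_buf = NULL;
}

/* Teardown shaped like the patched code: both pointers reset. */
static void hist_end_after(void)
{
    slot_free(line_buf); slot_free(words_buf);
    line_buf = NULL; words_buf = NULL;
}

/* Allocate once, run the given teardown twice, return bad releases seen. */
static int run_twice(void (*end)(void))
{
    bad_frees = 0;
    hist_begin();
    end(); end();
    return bad_frees;
}

int main(void)
{
    printf("before: %d, after: %d bad release(s)\n",
           run_twice(hist_end_before), run_twice(hist_end_after));
    return 0;
}
```

With a real heap the stale second release is what glibc reports as an invalid or double free under `MALLOC_CHECK_=2`; here it is only counted.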