SEGV with alias\

zsh-workers
 help / color / mirror / code / Atom feed

* SEGV with alias\
@ 2015-07-23 21:52 Daniel Shahaf
  2015-07-23 22:18 ` Bart Schaefer
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel Shahaf @ 2015-07-23 21:52 UTC (permalink / raw)
  To: zsh-workers; +Cc: Kamil Dudka

[CCing reporter of the recent ihungetc() issue]

Typing <l><s><Backslash><Enter><Enter> may segfault if 'ls' is aliased.

The segfault is:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6fe31d5 in _int_malloc (av=0x7ffff72f1e40, bytes=2) at malloc.c:4308
4308	malloc.c: No such file or directory.
(gdb) bt
#0  0x00007ffff6fe31d5 in _int_malloc (av=0x7ffff72f1e40, bytes=2) at malloc.c:4308
#1  0x00007ffff6fe5a70 in *__GI___libc_malloc (bytes=2) at malloc.c:3660
#2  0x00000000004694f3 in zshcalloc (size=2) at mem.c:918
#3  0x000000000045464b in inungetc (c=10) at input.c:442
#4  0x0000000000449a53 in ihungetc (c=10) at hist.c:926
#5  0x000000000044993b in ihungetc (c=92) at hist.c:908
#6  0x0000000000449949 in ihungetc (c=92) at hist.c:908
#7  0x0000000000449949 in ihungetc (c=92) at hist.c:908
#8  0x0000000000449949 in ihungetc (c=92) at hist.c:908
#9  0x0000000000449949 in ihungetc (c=92) at hist.c:908
#10 0x0000000000449949 in ihungetc (c=92) at hist.c:908

Another behaviour is this:

    ### Short expansion: two warnings
    $ zsh -f
    % alias ls=:
    % ls\
    > 
    Warning: backing up wrong character.
    Warning: backing up wrong character.

    ### Long expansion: infinite loop
    % alias ls=:\ zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
    % ls\
    > 
    Warning: backing up wrong character.
    Warning: backing up wrong character.
    Warning: backing up wrong character.
    ...
    ^C
    Warning: backing up wrong c%
    haracter.

    ### The '%' in the next-to-last line is in reverse video.

I'm not completely sure what's the distinction — my 'print
$ZSH_PATCHLEVEL' statements were acting up (!), reporting sometimes
a commit before the ihungetc fix and sometimes after it.  So I'm
guessing the segfault is pre-35854 and the warning after it.

Reported by 'thm' on IRC.

Cheers,

Daniel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: SEGV with alias\
  2015-07-23 21:52 SEGV with alias\ Daniel Shahaf
@ 2015-07-23 22:18 ` Bart Schaefer
  2015-07-24  2:33   ` Bart Schaefer
  0 siblings, 1 reply; 4+ messages in thread
From: Bart Schaefer @ 2015-07-23 22:18 UTC (permalink / raw)
  To: Zsh hackers list; +Cc: Kamil Dudka

On Thu, Jul 23, 2015 at 2:52 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> [CCing reporter of the recent ihungetc() issue]
>
> Typing <l><s><Backslash><Enter><Enter> may segfault if 'ls' is aliased.

This looks like the same recursion issue that PWS tried to patch
recently.  I think that's been pushed -- are you still reproducing
this with the latest source from git?


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: SEGV with alias\
  2015-07-23 22:18 ` Bart Schaefer
@ 2015-07-24  2:33   ` Bart Schaefer
  2015-07-24  8:53     ` Peter Stephenson
  0 siblings, 1 reply; 4+ messages in thread
From: Bart Schaefer @ 2015-07-24  2:33 UTC (permalink / raw)
  To: Zsh hackers list; +Cc: Kamil Dudka

On Jul 23,  3:18pm, Bart Schaefer wrote:
} Subject: Re: SEGV with alias\
}
} On Thu, Jul 23, 2015 at 2:52 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
} > [CCing reporter of the recent ihungetc() issue]
} >
} > Typing <l><s><Backslash><Enter><Enter> may segfault if 'ls' is aliased.
} 
} This looks like the same recursion issue that PWS tried to patch
} recently.  I think that's been pushed -- are you still reproducing
} this with the latest source from git?

To answer my own question:

It doesn't crash any more, but with debug enabled it prints
    Warning: backing up wrong character.
forever.

Interruptible with ctl+c though.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: SEGV with alias\
  2015-07-24  2:33   ` Bart Schaefer
@ 2015-07-24  8:53     ` Peter Stephenson
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Stephenson @ 2015-07-24  8:53 UTC (permalink / raw)
  To: Zsh hackers list

On Thu, 23 Jul 2015 19:33:51 -0700
Bart Schaefer <schaefer@brasslantern.com> wrote:
> On Jul 23,  3:18pm, Bart Schaefer wrote:
> } Subject: Re: SEGV with alias\
> }
> } On Thu, Jul 23, 2015 at 2:52 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> } > [CCing reporter of the recent ihungetc() issue]
> } >
> } > Typing <l><s><Backslash><Enter><Enter> may segfault if 'ls' is aliased.
> } 
> 
> It doesn't crash any more, but with debug enabled it prints
>     Warning: backing up wrong character.
> forever.

I can stop this cleanly, but I still don't know what the code chunk is
doing.

pws

diff --git a/Src/hist.c b/Src/hist.c
index cf224cb..75e809c 100644
--- a/Src/hist.c
+++ b/Src/hist.c
@@ -906,7 +906,8 @@ ihungetc(int c)
     while (!lexstop && !errflag) {
 	if (hptr[-1] != (char) c && stophist < 4 &&
 	    hptr > chline + 1 && hptr[-1] == '\n' && hptr[-2] == '\\' &&
-	    !(histactive & HA_UNGET)) {
+	    !(histactive & HA_UNGET) &&
+	    (inbufflags & (INP_ALIAS|INP_HIST)) != INP_ALIAS) {
 	    histactive |= HA_UNGET;
 	    hungetc('\n');
 	    hungetc('\\');


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-07-24  8:53 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-23 21:52 SEGV with alias\ Daniel Shahaf
2015-07-23 22:18 ` Bart Schaefer
2015-07-24  2:33   ` Bart Schaefer
2015-07-24  8:53     ` Peter Stephenson

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).