From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4140 invoked by alias); 11 Nov 2015 15:58:12 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 37091 Received: (qmail 17850 invoked from network); 11 Nov 2015 15:58:10 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_HDRS_LCASE, T_MANY_HDRS_LCASE autolearn=ham autolearn_force=no version=3.4.0 X-AuditID: cbfec7f5-f794b6d000001495-dc-5643658e5a6c Date: Wed, 11 Nov 2015 15:58:03 +0000 From: Peter Stephenson To: Zsh Hackers' List Subject: PATCH: (?) Some kind of freeundo crash thing Message-id: <20151111155803.5769db50@pwslap01u.europe.root.pri> Organization: Samsung Cambridge Solution Centre X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.0; i386-redhat-linux-gnu) MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrJLMWRmVeSWpSXmKPExsVy+t/xK7p9qc5hBncfSlscbH7I5MDoserg B6YAxigum5TUnMyy1CJ9uwSujP7Zq1gKrvNWvF/YyNLAOJu7i5GDQ0LARGLXQssuRk4gU0zi wr31bF2MXBxCAksZJQ7e/M0E4cxgkti3ZAoLhLONUeL1nkVMIC0sAqoSN8/fYwWx2QQMJaZu ms0IMlVEQFui/aMYiCksYCox8Z8PSAWvgL3EnN79zCA2v4C+xNW/n5ggFttLzLxyhhGiRlDi x+R7LCA2s4CWxOZtTawQtrzE5jVvwXqFBNQlbtzdzT6BUWAWkpZZSFpmIWlZwMi8ilE0tTS5 oDgpPddIrzgxt7g0L10vOT93EyMkAL/uYFx6zOoQowAHoxIP70Y7pzAh1sSy4srcQ4wSHMxK Irx6Es5hQrwpiZVVqUX58UWlOanFhxilOViUxHln7nofIiSQnliSmp2aWpBaBJNl4uCUamDk b/qee2Xuu3dMlkcV7JbfOrX5vP5hvSt7WNM3TuHvVnzJarzoYueBiKdnRMuurow5sSbm4+GN 9kdM/bSWNKq0flVv6n72KqN0/roDm56b7bn14GvhQ9u37Zr3GLcZ7Hzzt/zBbqU1enM+rV7v tjDMnl1OjbO/8b42l7zJTj+JH1KdE2LZm/KuK7EUZyQaajEXFScCAMgVF188AgAA Doesn't seem very easy to provoke. Must be freeing lastline: (gdb) p lastline $1 = (ZLE_STRING_T) 0x1bde2a0 L"make clean\xffffffff\xffffffff\x1cc99f0" (gdb) p lastlinesz $2 = 10 (gdb) p sz $3 = 0 (gdb) p osz $4 = 10 which actually looks OK. I think sz == 0 because of ZSH_SECURE_FREE. I wonder if this could be a double free? We don't unset lastline if we free it... #0 0x0000000000470545 in zfree (p=0x1bde2a0, sz=0) at mem.c:1501 #1 0x00002b6fe89ebb72 in freeundo () at zle_utils.c:1438 #2 0x00002b6fe89cca91 in zleread (lp=0x6f64e8, rp=0x0, flags=7, context=0, init=0x2b6fe89f4188 "zle-line-init", finish=0x2b6fe89f4178 "zle-line-finish") at zle_main.c:1284 #3 0x00002b6fe89cf563 in zle_main_entry (cmd=1, ap=0x7fff3dc74d20) at zle_main.c:1930 #4 0x0000000000456f03 in zleentry (cmd=1) at init.c:1523 #5 0x00000000004580b5 in inputline () at input.c:293 #6 0x0000000000457f16 in ingetc () at input.c:226 #7 0x000000000044ac92 in ihgetc () at hist.c:391 #8 0x0000000000462466 in gettok () at lex.c:605 #9 0x0000000000461b5f in zshlex () at lex.c:271 #10 0x000000000048926a in parse_event (endtok=37) at parse.c:561 #11 0x0000000000453566 in loop (toplevel=1, justonce=0) at init.c:146 #12 0x0000000000457403 in zsh_main (argc=1, argv=0x7fff3dc752a8) at init.c:1678 #13 0x000000000040f434 in main (argc=1, argv=0x7fff3dc752a8) at ./main.c:93 diff --git a/Src/Zle/zle_utils.c b/Src/Zle/zle_utils.c index ffff8fd..6e9a98b 100644 --- a/Src/Zle/zle_utils.c +++ b/Src/Zle/zle_utils.c @@ -1436,6 +1436,8 @@ freeundo(void) freechanges(changes); freechanges(nextchanges); zfree(lastline, lastlinesz); + lastline = NULL; + lastlinesz = 0; } /**/ pws