* [PATCH] Fix complist menuselect segmentation fault @ 2017-07-02 14:58 ` Maxime de Roucy 2017-07-03 14:25 ` Peter Stephenson 2017-07-04 9:14 ` Sebastian Gniazdowski 0 siblings, 2 replies; 5+ messages in thread From: Maxime de Roucy @ 2017-07-02 14:58 UTC (permalink / raw) To: zsh-workers; +Cc: Maxime de Roucy Without this patch : I use : zstyle ':completion:*:hosts' menu yes=long yes=20 select search Imagine I have 2 hosts : "ab" and "bb" When I try to use the completion menu ("isearch") and type "aa" the shell crash (segmentation fault). The first "a" match only host "ab", so when a type the second "a", mcol and mline == 0. The first time the code enter "if (x == ex && y == ey)", it leave the if with x = y = ex = ey = 0. Then "++x" (line 2331) increment x, and x and y can't match ex and ey anymore since they can only increase. → segmentation fault --- Src/Zle/complist.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Src/Zle/complist.c b/Src/Zle/complist.c index 035038815..a83daeff9 100644 --- a/Src/Zle/complist.c +++ b/Src/Zle/complist.c @@ -2334,11 +2334,6 @@ msearch(Cmatch **ptr, char *ins, int back, int rep, int *wrapp) } } if (x == ex && y == ey) { - if (wrap) { - msearchstate = MS_FAILED | owrap; - break; - } - msearchstate |= MS_WRAPPED; if (back) { x = mcols - 1; @@ -2350,6 +2345,13 @@ msearch(Cmatch **ptr, char *ins, int back, int rep, int *wrapp) } ex = mcol; ey = mline; + + if (wrap || (x == ex && y == ey)) { + msearchstate = MS_FAILED | owrap; + break; + } + + msearchstate |= MS_WRAPPED; wrap = 1; *wrapp = 1; } -- 2.13.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
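Review bot: In the first hunk (@@ -2334,11 +2334,6), removing the "if (wrap)" early exit from the top of the "if (x == ex && y == ey)" block means the second-wrap failure path now runs the reset (for instance "x = mcols - 1;" in the back branch, then "ex = mcol; ey = mline;") before it reaches the relocated "break". Before this change x, y, ex and ey were left untouched on that path. Please confirm nothing after the loop reads them once msearchstate carries MS_FAILED, or keep the "if (wrap)" test where it was and add only the new equality test below the reset.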
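Review bot: In the second hunk (@@ -2350,6 +2345,13), the added test "if (wrap || (x == ex && y == ey))" has no comment, and the reason for its second half exists only in the commit message: after the reset the scan position can already equal the new end position (mcol and mline both 0 in the reported case), so the loop steps past it and never meets it again. A short comment above the test saying so would help, since the test now sits after "ex = mcol; ey = mline;" and its dependence on the reset is easy to miss. It would also be worth stating whether the back branch ("x = mcols - 1;") was exercised, because the same test now covers a backward search that starts in the last cell.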
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Peter Stephenson @ 2017-07-03 14:25 UTC
To: Maxime de Roucy, zsh-workers

On Sun, 2 Jul 2017 16:58:20 +0200
Maxime de Roucy <maxime.deroucy@gmail.com> wrote:
> Without this patch :
>
> I use :
>
> zstyle ':completion:*:hosts' menu yes=long yes=20 select search
>
> Imagine I have 2 hosts : "ab" and "bb"
>
> When I try to use the completion menu ("isearch") and type "aa" the shell
> crash (segmentation fault).
>
> The first "a" match only host "ab", so when a type the second "a", mcol
> and mline == 0.
>
> The first time the code enter "if (x == ex && y == ey)", it leave the if
> with x = y = ex = ey = 0.
> Then "++x" (line 2331) increment x, and x and y can't match ex and ey
> anymore since they can only increase.
> → segmentation fault

Thanks --- the existing code here is obscure enough I think I'm just
going to apply your patch and see if anyone notices side effects. It
looks like they'd have to be pretty subtle --- I'm guessing that problem
has been there a very long time.

pws
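The termination failure described in the patch message, reduced to a small model (an added example, not zsh code and not part of the thread): a forward scan over a 2x1 grid in which nothing matches, run with the failure test before and after the reset. The loop shape, the first-pass end position (0, MLINES) and the names scan, idx and GUARD are assumptions made for the model; only the ordering of the wrap test follows the patch.

```c
#include <stdio.h>

enum { MCOLS = 2, MLINES = 1, CELLS = MCOLS * MLINES, GUARD = 8 };

/*
 * Forward scan over an MCOLS x MLINES grid in which no cell matches.
 * Returns how many cells past the end of the table the scan reached
 * (0 = stayed in bounds); GUARD stops the model, the real loop has none.
 * patched = 0: failure test before the reset (the removed lines).
 * patched = 1: failure test after the reset (the added lines).
 */
static int scan(int mcol, int mline, int patched)
{
    int x = mcol, y = mline, idx = mline * MCOLS + mcol;
    int ex = 0, ey = MLINES;      /* assumed first-pass end: past last row */
    int wrap = 0, overrun = 0;

    for (;;) {
        idx++;                                /* table position advances */
        if (++x == MCOLS) { x = 0; y++; }
        if (x == ex && y == ey) {
            if (!patched && wrap)
                break;                        /* old exit: second wrap only */
            x = y = 0; idx = 0;               /* wrap to the first cell */
            ex = mcol; ey = mline;            /* new end: the start position */
            if (patched && (wrap || (x == ex && y == ey)))
                break;                        /* new exit: also start == (0,0) */
            wrap = 1;
        }
        if (idx >= CELLS) {                   /* a real scan would read here */
            overrun = idx - CELLS + 1;
            if (overrun >= GUARD)
                break;
        }
    }
    return overrun;
}

int main(void)
{
    printf("start (0,0) unpatched: overrun %d\n", scan(0, 0, 0));
    printf("start (0,0) patched:   overrun %d\n", scan(0, 0, 1));
    printf("start (1,0) unpatched: overrun %d\n", scan(1, 0, 0));
    printf("start (1,0) patched:   overrun %d\n", scan(1, 0, 1));
    return 0;
}
```

Only the start position (0,0) without the relocated test runs past the table; every other combination stops in bounds.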
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Sebastian Gniazdowski @ 2017-07-04 9:14 UTC
To: Maxime de Roucy, zsh-workers; +Cc: Maxime de Roucy

On 2 July 2017 at 16:58:20, Maxime de Roucy (maxime.deroucy@gmail.com) wrote:
> Without this patch :

I have this core dump from 06.05.2017, not sure if it's related, I think I attach it here. The segmentation fault happened once.

* thread #1: tid = 0x0000, 0x00000001021032fb complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0, wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312, stop reason = signal SIGSTOP
  * frame #0: 0x00000001021032fb complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0, wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312
    frame #1: 0x00000001020fb56b complist.so`domenuselect(dummy=0x00000001020ea208, dat=0x00007fff5ded9928) + 16027 at complist.c:3349
    frame #2: 0x0000000101d842d6 zsh-5.3.1-dev-0`runhookdef + 150
    frame #3: 0x00000001020cbd8c complete.so`after_complete + 108
    frame #4: 0x0000000101d84351 zsh-5.3.1-dev-0`runhookdef + 273
    frame #5: 0x000000010208539d zle.so`docomplete + 4013
    frame #6: 0x0000000102085724 zle.so`expandorcomplete + 228
    frame #7: 0x00000001020841a6 zle.so`completecall + 70
    frame #8: 0x000000010206de3e zle.so`execzlefunc + 734
    frame #9: 0x0000000102083b47 zle.so`bin_zle_call + 1191
    frame #10: 0x0000000102082276 zle.so`bin_zle + 438
    frame #11: 0x0000000101d209fa zsh-5.3.1-dev-0`execbuiltin + 3242
    frame #12: 0x0000000101d4a943 zsh-5.3.1-dev-0`execcmd_exec + 18595
    frame #13: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #14: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #15: 0x0000000101d3dfb1 zsh-5.3.1-dev-0`execlist + 1745
    frame #16: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #17: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #18: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #19: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
    frame #20: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
    frame #21: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #22: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #23: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #24: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #25: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #26: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #27: 0x000000010206e1c5 zle.so`execzlefunc + 1637
    frame #28: 0x0000000102083b47 zle.so`bin_zle_call + 1191
    frame #29: 0x0000000102082276 zle.so`bin_zle + 438
    frame #30: 0x0000000101d209fa zsh-5.3.1-dev-0`execbuiltin + 3242
    frame #31: 0x0000000101d4a943 zsh-5.3.1-dev-0`execcmd_exec + 18595
    frame #32: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #33: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #34: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #35: 0x0000000101d7c429 zsh-5.3.1-dev-0`execif + 521
    frame #36: 0x0000000101d4a067 zsh-5.3.1-dev-0`execcmd_exec + 16327
    frame #37: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #38: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #39: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #40: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #41: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #42: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #43: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
    frame #44: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
    frame #45: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #46: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #47: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #48: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #49: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #50: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #51: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
    frame #52: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
    frame #53: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #54: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #55: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #56: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #57: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #58: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #59: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
    frame #60: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
    frame #61: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
    frame #62: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
    frame #63: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
    frame #64: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
    frame #65: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
    frame #66: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
    frame #67: 0x000000010206e1c5 zle.so`execzlefunc + 1637
    frame #68: 0x000000010206e5ff zle.so`zlecore + 415
    frame #69: 0x000000010206ef65 zle.so`zleread + 1845
    frame #70: 0x000000010206fdb3 zle.so`zle_main_entry + 739
    frame #71: 0x0000000101d6af97 zsh-5.3.1-dev-0`zleentry + 615
    frame #72: 0x0000000101d6c72d zsh-5.3.1-dev-0`inputline + 509
    frame #73: 0x0000000101d6c325 zsh-5.3.1-dev-0`ingetc + 325
    frame #74: 0x0000000101d5e41d zsh-5.3.1-dev-0`ihgetc + 13
    frame #75: 0x0000000101d75986 zsh-5.3.1-dev-0`gettok + 38
    frame #76: 0x0000000101d756f9 zsh-5.3.1-dev-0`zshlex + 121
    frame #77: 0x0000000101d9aeb7 zsh-5.3.1-dev-0`parse_event + 55
    frame #78: 0x0000000101d67096 zsh-5.3.1-dev-0`loop + 294
    frame #79: 0x0000000101d6b5af zsh-5.3.1-dev-0`zsh_main + 847
    frame #80: 0x0000000101d1fa82 zsh-5.3.1-dev-0`main + 34
    frame #81: 0x00007fff912e95ad libdyld.dylib`start + 1
    frame #82: 0x00007fff912e95ad libdyld.dylib`start + 1

--
Sebastian Gniazdowski
psprint /at/ zdharma.org
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Maxime de Roucy @ 2017-07-04 11:40 UTC
To: Sebastian Gniazdowski, zsh-workers

> I have this core dump from 06.05.2017, not sure if it's related, I
> think I attach it here. The segmentation fault happened once.
>
> * thread #1: tid = 0x0000, 0x00000001021032fb
> complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0,
> wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312, stop reason =
> signal SIGSTOP

I don't have a detailed coredump like this but I think it's related;
when I debug the problem in gdb the segfault happens exactly at line 2312.
https://sourceforge.net/p/zsh/code/ci/master/tree/Src/Zle/complist.c#l2312

But for my part I experience it a lot (I use auto-completion menu a lot) :

```
max@mde-oxalide % sudo coredumpctl list /usr/bin/zsh | head
TIME                            PID   UID   GID SIG COREFILE EXE
Tue 2016-10-18 15:18:05 CEST   8075  1000   100  11 missing  /usr/bin/zsh
Thu 2016-10-20 18:33:17 CEST  14850  1000   100  11 missing  /usr/bin/zsh
Tue 2016-10-25 14:45:59 CEST  18653  1000   100  11 missing  /usr/bin/zsh
Mon 2016-11-28 18:26:56 CET   13915  1000   100  11 missing  /usr/bin/zsh
Tue 2016-11-29 19:28:49 CET    3067  1000   100  11 missing  /usr/bin/zsh
Wed 2016-11-30 10:25:04 CET    1303  1000   100  11 missing  /usr/bin/zsh
Wed 2016-11-30 15:10:46 CET   16278  1000   100  11 missing  /usr/bin/zsh
Wed 2016-12-07 18:03:07 CET   32027  1000   100  11 missing  /usr/bin/zsh
Fri 2016-12-09 14:29:07 CET   22713  1000   100  11 missing  /usr/bin/zsh
max@laptop % sudo coredumpctl -r list /usr/bin/zsh | wc -l
83
```

My coredumps aren't as detailed as yours :

```
max@laptop % sudo coredumpctl dump /usr/bin/zsh
           PID: 3148 (zsh)
           UID: 1000 (max)
           GID: 100 (users)
        Signal: 11 (SEGV)
     Timestamp: Sun 2017-07-02 15:23:17 CEST (1 day 22h ago)
  Command Line: /usr/bin/zsh
    Executable: /usr/bin/zsh
 Control Group: /user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
          Unit: user@1000.service
     User Unit: gnome-terminal-server.service
         Slice: user-1000.slice
     Owner UID: 1000 (max)
       Boot ID: bf4c79d72cca4a4786e217e13ea0f31c
    Machine ID: 8466a4f6764d4d0b8fb5cb3903d9804c
      Hostname: laptop
       Storage: /var/lib/systemd/coredump/core.zsh.1000.bf4c79d72cca4a4786e217e13ea0f31c.3148.1499001797000000000000.lz4
       Message: Process 3148 (zsh) of user 1000 dumped core.

                Stack trace of thread 3148:
                #0  0x00007ffff55e3b90 domenuselect (complist.so)
                #1  0x000000000045dde9 runhookdef (zsh)
                #2  0x00007ffff5e10567 after_complete (complete.so)
                #3  0x00007ffff605fc05 docomplete (zle.so)
                #4  0x00007ffff605bfd0 completecall (zle.so)
                #5  0x00007ffff604b874 execzlefunc (zle.so)
                #6  0x00007ffff604bc66 zlecore (zle.so)
                #7  0x00007ffff604cb31 zleread (zle.so)
                #8  0x0000000000448494 zleentry (zsh)
                #9  0x00000000004499e5 ingetc.part.0 (zsh)
                #10 0x00000000004417fb ihgetc (zsh)
                #11 0x00000000004535b6 zshlex.part.1 (zsh)
                #12 0x0000000000473136 parse_event (zsh)
                #13 0x0000000000444faf loop (zsh)
                #14 0x0000000000448b0e zsh_main (zsh)
                #15 0x00007ffff70cd43a __libc_start_main (libc.so.6)
                #16 0x000000000041032a _start (zsh)
Refusing to dump core to tty (use shell redirection or specify --output).
```

--
Regards
Maxime de Roucy
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Sebastian Gniazdowski @ 2017-07-04 12:24 UTC
To: maxime.deroucy, zsh-workers

On 4 July 2017 at 13:40:16, Maxime de Roucy (maxime.deroucy@gmail.com) wrote:
> But for my part I experience it a lot (I use auto-completion menu a lot) :

Cool that it's found. I experienced it today 2nd time, after sending the core dump. It was, like before, a chaotic sequence of actions, so I never could reproduce – I only know that today I requested wrong completion from a function (my _zplugin) and was randomly cancelling, so I probably pressed ESC and Ctrl-C a few times.

--
Sebastian Gniazdowski
psprint /at/ zdharma.org