Crash on interrupted completion with prezto

Crash on interrupted completion with prezto

[Bart Polot]

[-- Attachment #1.1: Type: text/plain, Size: 643 bytes --]

I get reproductible zsh crashes. Steps:

1. Start zsh 5.1.1 with default config of prezto enabled
2. Write/paste :prezto:module:editor:info:
3. Move to beginning of the line, type zsty<TAB>
4. autocompletion takes a very long time. C-c
5. zsh shows next prompt dies with segmentation fault

I re-compiled zsh with debug info and attached a quick gdb log of the
coredump. Unfortuantely, I can't reproduce it under valgrind. Running
zsh with a small plain .zshrc also results in no crash.

As I'm not very familiar with zsh I don't know what else to
test/provide, feel free to ask for more info.

Happy hacking!
-- 
Bart Polot

[-- Attachment #1.2: gdb.txt --]
[-- Type: text/plain, Size: 5791 bytes --]

quit
#0  0x0000000000481b9f in charrefinc (x=0x7ffcf95be6d0, 
    y=0x7f72e78a7e23 <error: Cannot access memory at address 0x7f72e78a7e23>, z=0x7ffcf95be6c8) at pattern.c:1935
#1  0x0000000000482db5 in patmatch (prog=0x1637a58) at pattern.c:2567
#2  0x00000000004842cb in patmatch (prog=0x1637a48) at pattern.c:3143
#3  0x0000000000482577 in pattryrefs (prog=0x1637a10, string=0x7f72ea0d4308 "globalhistory insert", stringlen=20, 
    unmetalen=20, patoffset=0, nump=0x0, begp=0x0, endp=0x0) at pattern.c:2307
#4  0x0000000000481d66 in pattry (prog=0x1637a10, string=0x7f72ea0d4308 "globalhistory insert") at pattern.c:2031
#5  0x0000000000426497 in evalcond (state=0x7ffcf95c03a0, fromtest=0x0) at cond.c:313
#6  0x00000000004331de in execcond (state=0x7ffcf95c03a0, do_exec=0) at exec.c:4526
#7  0x0000000000429a4d in execsimple (state=0x7ffcf95c03a0) at exec.c:1130
#8  0x0000000000429dc7 in execlist (state=0x7ffcf95c03a0, dont_change_job=1, exiting=0) at exec.c:1254
#9  0x000000000045bdb5 in execif (state=0x7ffcf95c03a0, do_exec=0) at loop.c:549
#10 0x0000000000430c40 in execcmd (state=0x7ffcf95c03a0, input=0, output=0, how=18, last1=2) at exec.c:3472
#11 0x000000000042bb38 in execpline2 (state=0x7ffcf95c03a0, pcode=835, how=18, input=0, output=0, last1=0)
    at exec.c:1746
#12 0x000000000042aac2 in execpline (state=0x7ffcf95c03a0, slcode=40962, how=18, last1=0) at exec.c:1524
#13 0x0000000000429f21 in execlist (state=0x7ffcf95c03a0, dont_change_job=1, exiting=0) at exec.c:1283
#14 0x000000000045be6d in execif (state=0x7ffcf95c03a0, do_exec=0) at loop.c:565
#15 0x0000000000430c40 in execcmd (state=0x7ffcf95c03a0, input=0, output=0, how=2, last1=2) at exec.c:3472
#16 0x000000000042bb38 in execpline2 (state=0x7ffcf95c03a0, pcode=387, how=2, input=0, output=0, last1=0)
    at exec.c:1746
#17 0x000000000042aac2 in execpline (state=0x7ffcf95c03a0, slcode=83970, how=2, last1=0) at exec.c:1524
#18 0x0000000000429f21 in execlist (state=0x7ffcf95c03a0, dont_change_job=1, exiting=0) at exec.c:1283
#19 0x000000000042976a in execode (p=0x165bae0, dont_change_job=1, exiting=0, context=0x4aa890 "shfunc") at exec.c:1074
#20 0x00000000004351f2 in runshfunc (prog=0x165bae0, wrap=0x0, name=0x7f72ea0d3fb0 "editor-info") at exec.c:5356
#21 0x0000000000434c33 in doshfunc (shfunc=0x165b980, doshargs=0x0, noreturnval=1) at exec.c:5222
#22 0x00007f72e8b53465 in execzlefunc (func=0x165ba80, args=0x7f72ea0d3f80, set_bindk=0) at zle_main.c:1395
#23 0x00007f72e8b6536d in bin_zle_call (name=0x7f72ea0d3f60 "zle", args=0x7f72ea0d3f80, ops=0x7ffcf95c0a80, 
    func=0 '\000') at zle_thingy.c:711
#24 0x00007f72e8b64446 in bin_zle (name=0x7f72ea0d3f60 "zle", args=0x7f72ea0d3f78, ops=0x7ffcf95c0a80, func=0)
    at zle_thingy.c:382
#25 0x000000000040fe97 in execbuiltin (args=0x7f72ea0d3f18, assigns=0x0, bn=0x7f72e8d86be0 <bintab+128>)
    at builtin.c:484
#26 0x0000000000431485 in execcmd (state=0x7ffcf95c14c0, input=0, output=0, how=18, last1=2) at exec.c:3641
#27 0x000000000042bb38 in execpline2 (state=0x7ffcf95c14c0, pcode=643, how=18, input=0, output=0, last1=0)
    at exec.c:1746
#28 0x000000000042aac2 in execpline (state=0x7ffcf95c14c0, slcode=4098, how=18, last1=0) at exec.c:1524
#29 0x0000000000429f21 in execlist (state=0x7ffcf95c14c0, dont_change_job=1, exiting=0) at exec.c:1283
#30 0x000000000042976a in execode (p=0x165bd10, dont_change_job=1, exiting=0, context=0x4aa890 "shfunc") at exec.c:1074
#31 0x00000000004351f2 in runshfunc (prog=0x165bd10, wrap=0x0, name=0x7f72ea0d3db8 "zle-line-init") at exec.c:5356
#32 0x0000000000434c33 in doshfunc (shfunc=0x165be20, doshargs=0x0, noreturnval=1) at exec.c:5222
#33 0x00007f72e8b53465 in execzlefunc (func=0x165bed0, args=0x7ffcf95c1ac0, set_bindk=1) at zle_main.c:1395
#34 0x00007f72e8b7172d in zlecallhook (name=0x7f72e8b78dfd "zle-line-init", arg=0x0) at zle_utils.c:1726
#35 0x00007f72e8b52bcc in zleread (lp=0x6d5df0 <prompt>, rp=0x6d5e28 <rprompt>, flags=3, context=0, 
    init=0x7f72e8b78dfd "zle-line-init", finish=0x7f72e8b78ded "zle-line-finish") at zle_main.c:1250
#36 0x00007f72e8b5528c in zle_main_entry (cmd=1, ap=0x7ffcf95c1cf0) at zle_main.c:1923
#37 0x000000000044d8dc in zleentry (cmd=1) at init.c:1523
#38 0x000000000044e78b in inputline () at input.c:293
#39 0x000000000044e5ea in ingetc () at input.c:226
#40 0x00000000004425d7 in ihgetc () at hist.c:391
#41 0x00000000004573fa in gettok () at lex.c:605
#42 0x0000000000456b2b in zshlex () at lex.c:271
#43 0x000000000047618b in parse_event (endtok=37) at parse.c:561
#44 0x000000000044a305 in loop (toplevel=1, justonce=0) at init.c:146
#45 0x000000000044ddd0 in zsh_main (argc=1, argv=0x7ffcf95c21c8) at init.c:1678
#46 0x000000000040f226 in main (argc=1, argv=0x7ffcf95c21c8) at ./main.c:93
1930	charrefinc(char **x, char *y, int *z)
1931	{
1932	    wchar_t wc;
1933	    size_t ret;
1934	
1935	    if (!(patglobflags & GF_MULTIBYTE) || !(STOUC(**x) & 0x80))
1936		return (wchar_t) STOUC(*(*x)++);
1937	
1938	    ret = mbrtowc(&wc, *x, y-*x, &shiftstate);
1939	
$1 (p x) = (char **) 0x7ffcf95be6d0
$2 (p *x)= 0x7f72e78a7dea <error: Cannot access memory at address 0x7f72e78a7dea>
$3 (p y) = 0x7f72e78a7e23 <error: Cannot access memory at address 0x7f72e78a7e23>
$4 (p z) = (int *) 0x7ffcf95be6c8
$5 (p *z)= 0
#1  0x0000000000482db5 in patmatch (prog=0x1637a58) at pattern.c:2567
2567			patint_t chpa = CHARREFINC(chrop, chrend, &badpa);
2562			 * case they don't match even if the returned
2563			 * values (one properly converted, one raw) are
2564			 * the same.
2565			 */
2566			patint_t chin = CHARREFINC(patinput, patinend, &badin);
2567			patint_t chpa = CHARREFINC(chrop, chrend, &badpa);
2568			if (!CHARMATCH(chin, chpa) || badin != badpa) {
2569			    fail = 1;
2570			    patinput = savpatinput;
2571			    chrop = savchrop;
quit

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: Crash on interrupted completion with prezto

[Bart Schaefer]

On Oct 10,  5:17am, Bart Polot wrote:
}
} 1. Start zsh 5.1.1 with default config of prezto enabled

Sigh.  It's really hard to debug things that require a plugin package
to be loaded before anything goes wrong.

} I re-compiled zsh with debug info and attached a quick gdb log of the
} coredump. Unfortuantely, I can't reproduce it under valgrind.

This probably indicates that it's yet another interrupt-handling race
condition.  We've been playing whack-a-mole with those for a while.

However, there have also been a number of recent optimizations in the
code around the point where your stack trace ends.  At the least it
may mean that things have sped up to the point where you don't feel
like whacking ctrl+c.  Refer to ZSH_PATCHLEVEL zsh-5.1.1-83-g83a1757.

However part 2, this makes me wonder if the new patallocstr() routine
needs queue_signals() / unqueue_signals().