From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+ml==a==inbox.vuxu.org==zsh-workers@zsh.org>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: from zero.zsh.org (zero.zsh.org [IPv6:2a02:898:31:0:48:4558:7a:7368])
	by inbox.vuxu.org (Postfix) with ESMTP id F25B826E6E
	for <ml@inbox.vuxu.org>; Wed, 28 Feb 2024 17:23:58 +0100 (CET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1709137438;
	 b=LApcMTK0b+O2DHR5ci5KZp+LctDrChc8stCjiTCBqni9uWjiQtzJE2kWMItK7I5FWpwtSEICk0
	  QHCUcqNUm0Q+46qSmYhV1YmueXjPcai2edXmaGvcZnKNLaEzZnNNue2NuK5ulQK5Uo5f+8AJ+6
	  lFYReaRGW50bvRmI4JUgCSNFjlTlc9ghxI/sSGdm86T0znaXtxvoZZbF7puLuymPLPGsJG20eg
	  HYjYXjk0b5fVVDv1RJC9FqoMxnjT3vWM3rm3m+h6/FpsYZc81DbH+wx6Klrme25ZyKyDQi8LFS
	  MCOsGrk2/sX+aLhVuKk0UOjhMU/3qeg0dgDpmtUhWodyiQ==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (snd01003-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.19;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1709137438;
	bh=1GS/dvTLqUZ5EL1E9VvK/rF035ThXY5FGhZhcwVlvl8=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:To:Date:Message-ID:Subject:MIME-Version:
	  Content-Transfer-Encoding:Content-Type:From:DKIM-Signature;
	b=fx/cGR0n+pqHoM+h/E4MHTZOdwoRh0v1nVrHBSzQx4/xKYe/rngcY3NAVUcW07jqPx4ie9iprT
	  JmcZTCx4hctIntoeEv9EZ8lx5LH3Ne1jIX/TFIyAyEwqHEehNsKQpR5NX1B0QogXJtGn0G3+Qv
	  bPJws3ABjYLyurW9U1Mqf/nGmJBnnndg6H6ZGemTQKpr3c6AVhqVQrRq8wyUFa0vKre58mH4sk
	  ZBxlVyo8nYkTNHZgOLK7gnl6RNYED0cyp75t6NZ42Bc8pxHDtL3xIYo07mPx7+gR1w7+1nnnGf
	  a3vmkYuaEAHbylMhLum0U8QMXtPU1hLGB15kG1ll1qkr1Q==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:To:Date:Message-Id:Subject:
	Mime-Version:Content-Transfer-Encoding:Content-Type:From:Reply-To:Cc:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References;
	bh=ppvPjsma3XpHp9RAv/FjktV0kI0WR+WTQ1ABRA8bEgQ=; b=WKgAvizL6GfaM7arZ+yjq1wR/i
	rkPjnIMKVubGb57JFfRAIhdR5d6EJwxREIQnyszd4teAWxy0eEIDwU7120elbZ6gyw59vG+SbqPUb
	XfdYCXjSobWIvJYSAAwLDWFM41tn8ueMo8dSjYFFNFOiLTEUBcVgzBypP2UTPP7bu2UTbQVyVydcl
	kZ6vJa2afRrFhbgynvlbgQ7E7r2ClWezrxUdmNZ0o3GOuailIWoCD20FwRwhs17wNMaVamCC/p+Qc
	YFH+Drv1OAMAXJEo4AayJAUhfdhMcFgoao+UC9chVKOW+xjWmlFUn0VDxuRlqCG4ROEwGUq5LOSdd
	ZXku7ykw==;
Received: by zero.zsh.org with local
	id 1rfMiq-000J0P-W9;
	Wed, 28 Feb 2024 16:23:57 +0000
Authentication-Results: zsh.org;
	iprev=pass (snd01003-bg.im.kddi.ne.jp) smtp.remote-ip=27.86.113.19;
	dmarc=none header.from=kba.biglobe.ne.jp;
	arc=none
Received: from snd01003-bg.im.kddi.ne.jp ([27.86.113.19]:55969 helo=dfmta1014.biglobe.ne.jp)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256)
	id 1rfMiE-000Ig3-MM;
	Wed, 28 Feb 2024 16:23:20 +0000
Received: from mail.biglobe.ne.jp by omta1014.biglobe.ne.jp with ESMTP
          id <20240228162311725.ECMZ.60167.mail.biglobe.ne.jp@biglobe.ne.jp>
          for <zsh-workers@zsh.org>; Thu, 29 Feb 2024 01:23:11 +0900
From: "Jun. T" <takimoto-j@kba.biglobe.ne.jp>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
Subject: D04parameter.ztst crashes if USE_MMAP is not defined
Message-Id: <5A8A5063-D43C-4AD0-A03E-0A5E84259FFA@kba.biglobe.ne.jp>
Date: Thu, 29 Feb 2024 01:23:10 +0900
To: zsh-workers@zsh.org
X-Mailer: Apple Mail (2.3696.120.41.1.4)
X-Biglobe-Sender: takimoto-j@kba.biglobe.ne.jp
X-Seq: 52634
Archived-At: <https://zsh.org/workers/52634>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <http://www.zsh.org/sympa/help>, <mailto:sympa@zsh.org?subject=HELP>
List-Subscribe: <http://www.zsh.org/sympa/subscribe/zsh-workers>, <mailto:sympa@zsh.org?subject=SUB%20zsh-workers>
List-Unsubscribe: <http://www.zsh.org/sympa/signoff/zsh-workers>, <mailto:sympa@zsh.org?subject=SIG%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>

If I use autoconf-2.72 to create configure on Cygwin, and build
zsh, then test D04parameter crashes. The crash can be reproduced
on Linux or macOS by, after ./configure, manually removing the
following lines from zsh.h,
#define HAVE_MMAP 1
#define HAVE_MSYNC 1
#define HAVE_MUNMAP 1
and "make; make TESTNUM=3DD04 check".

[1] AC_FUNC_MMAP in autoconf-2.72 checks functionalities of
mmap() more strictly, and Cygwin's mmap() can't pass this
test, and HAVE_MMAP is not defined in zsh.h.

# The new AC_FUNC_MMAP checks whether MAP_FIXED works as
# expected or not (and it doesn't work on Cygwin). But zsh does
# not use MAP_FIXED. If autoconf-2.71 or earlier is used on
# Cygwin, HAVE_MMAP is defined and the resulting zsh works fine.

It seems something is wrong in the code that is used when
USE_MMAP is not defined.

[2] The crash occurs in the test chunk
"Unsetting and recreation of tied normal parameters".
The chunk has 8 "print $STRING $string", and it crashes
at the 6th of them.

But If I run the code in the chunk alone in a zsh (built without
HAVE_MMAP) it does not crash. Maybe the crash is related with
some state of the heap?

[3] Back trace of the crashed zsh (obtained on Ubuntu-22.04):
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
#1  0x000055e6f65cbffe in paramsubst (l=3D0x55e6f860b178, =
n=3D0x55e6f860b1c0,=20
    str=3D0x7ffcebda63a0, qt=3D0, pf_flags=3D0, =
ret_flags=3D0x7ffcebda64b4)
    at subst.c:4322
#2  0x000055e6f65c2592 in stringsubst (list=3D0x55e6f860b178,=20
    node=3D0x55e6f860b1c0, pf_flags=3D0, ret_flags=3D0x7ffcebda64b4, =
asssub=3D0)
    at subst.c:322
#3  0x000055e6f65c1878 in prefork (list=3D0x55e6f860b178, flags=3D0,=20
    ret_flags=3D0x7ffcebda64b4) at subst.c:142
#4  0x000055e6f6549ec7 in execcmd_exec (state=3D0x7ffcebda6e00,=20
    eparams=3D0x7ffcebda6a10, input=3D0, output=3D0, how=3D2, last1=3D2,=20=

    close_if_forked=3D-1) at exec.c:3282
#5  0x000055e6f6546636 in execpline2 (state=3D0x7ffcebda6e00, =
pcode=3D1219, how=3D2,=20
    input=3D0, output=3D0, last1=3D0) at exec.c:2016
#6  0x000055e6f65451ca in execpline (state=3D0x7ffcebda6e00, =
slcode=3D5122, how=3D2,=20
    last1=3D0) at exec.c:1741
#7  0x000055e6f654440c in execlist (state=3D0x7ffcebda6e00, =
dont_change_job=3D1,=20
    exiting=3D0) at exec.c:1495
#8  0x000055e6f6543a2c in execode (p=3D0x55e6f8609ec0, =
dont_change_job=3D1,=20
    exiting=3D0, context=3D0x55e6f65e10eb "eval") at exec.c:1276
#9  0x000055e6f6539bca in eval (argv=3D0x55e6f8608de0) at builtin.c:6203
#10 0x000055e6f653a8de in bin_eval (nam=3D0x55e6f8608ba8 "eval",=20
    argv=3D0x55e6f8608de0, ops=3D0x7ffcebda6fa0, func=3D14) at =
builtin.c:6389

line 4322 in subst.c is:
            xlen =3D strlen(x);
It seems x (=3D aval[0]) points to an already freed memory, but
I currently have no time to investigate further.