From: Christian Neukirchen <chneukirchen@gmail.com>
To: zsh-workers@zsh.org
Subject: Re: Segfault with zsh 5.2
Date: Mon, 07 Dec 2015 15:31:32 +0100
Message-ID: <878u56jpob.fsf@gmail.com>
In-Reply-To: <20151207135532.1a285c15@pwslap01u.europe.root.pri> (Peter Stephenson's message of "Mon, 07 Dec 2015 13:55:32 +0000")
Peter Stephenson <p.stephenson@samsung.com> writes:
> On Mon, 7 Dec 2015 14:01:57 +0100
> Christian Neukirchen <chneukirchen@gmail.com> wrote:
>> zle-line-init() {
>>     BUFFER="$ICMD"
>>     zle accept-line
>>     zle -D zle-line-init
>> }
>
> I couldn't get your crash to happen easily, and the crash
> actually happened in a normal alloc high up in the execution tree so
> doesn't give us much direct help apart from pointing at memory
> management. (The call was protected by signal queueing, by the way.)
>
> However, there's definitely something very dodgy in memory management
> for the code above. It's always been this way, so I think the fact it's
> just shown up is an accident. I couldn't get valgrind to show it up,
> for some reason, but the evidence from gdb is incontrovertible.
I have one valgrind run; I shall test your patch soon:
juno ~% valgrind zsh -is eval sleep 0 0 0 0
==1389== Memcheck, a memory error detector
==1389== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1389== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==1389== Command: zsh -is eval sleep 0 0 0 0
==1389==
==1397==
==1397== HEAP SUMMARY:
==1397== in use at exit: 527,943 bytes in 10,860 blocks
==1397== total heap usage: 16,675 allocs, 5,815 frees, 3,817,997 bytes allocated
==1397==
==1397== LEAK SUMMARY:
==1397== definitely lost: 0 bytes in 0 blocks
==1397== indirectly lost: 0 bytes in 0 blocks
==1397== possibly lost: 0 bytes in 0 blocks
==1397== still reachable: 527,943 bytes in 10,860 blocks
==1397== suppressed: 0 bytes in 0 blocks
==1397== Rerun with --leak-check=full to see details of leaked memory
==1397==
==1397== For counts of detected and suppressed errors, rerun with: -v
==1397== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==1407==
==1407== HEAP SUMMARY:
==1407== in use at exit: 1,891,117 bytes in 47,441 blocks
==1407== total heap usage: 56,449 allocs, 9,008 frees, 6,313,464 bytes allocated
==1407==
==1407== LEAK SUMMARY:
==1407== definitely lost: 0 bytes in 0 blocks
==1407== indirectly lost: 0 bytes in 0 blocks
==1407== possibly lost: 0 bytes in 0 blocks
==1407== still reachable: 1,891,117 bytes in 47,441 blocks
==1407== suppressed: 0 bytes in 0 blocks
==1407== Rerun with --leak-check=full to see details of leaked memory
==1407==
==1407== For counts of detected and suppressed errors, rerun with: -v
==1407== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==1389== Invalid read of size 4
==1389== at 0x6187FD9: execzlefunc (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x61A0C20: zlecallhook (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x6189097: zleread (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x1550A9: zleentry (in /usr/bin/zsh)
==1389== by 0x156648: ingetc.part.1 (in /usr/bin/zsh)
==1389== by 0x14E22C: ihgetc (in /usr/bin/zsh)
==1389== by 0x16039E: zshlex.part.1 (in /usr/bin/zsh)
==1389== by 0x17EB6E: parse_event (in /usr/bin/zsh)
==1389== by 0x151C18: loop (in /usr/bin/zsh)
==1389== by 0x155753: zsh_main (in /usr/bin/zsh)
==1389== by 0x57D167F: (below main) (libc-start.c:289)
==1389== Address 0x6edca70 is 0 bytes inside a block of size 40 free'd
==1389== at 0x4C2AE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1389== by 0x6196D67: unbindwidget (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x6196DB4: bin_zle_del (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x12CB14: execbuiltin (in /usr/bin/zsh)
==1389== by 0x13ADEC: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389== by 0x13D5F8: execlist (in /usr/bin/zsh)
==1389== by 0x13D97C: execode (in /usr/bin/zsh)
==1389== by 0x13E45A: runshfunc (in /usr/bin/zsh)
==1389== by 0x13EDCF: doshfunc (in /usr/bin/zsh)
==1389== by 0x6187FB1: execzlefunc (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== Block was alloc'd at
==1389== at 0x4C29BA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1389== by 0x167C7B: zalloc (in /usr/bin/zsh)
==1389== by 0x6197413: bin_zle_new (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x12CB14: execbuiltin (in /usr/bin/zsh)
==1389== by 0x13ADEC: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389== by 0x13D5F8: execlist (in /usr/bin/zsh)
==1389== by 0x162AB1: execif (in /usr/bin/zsh)
==1389== by 0x139E5C: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389==
==1389== Invalid write of size 4
==1389== at 0x6187FEA: execzlefunc (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x61A0C20: zlecallhook (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x6189097: zleread (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x1550A9: zleentry (in /usr/bin/zsh)
==1389== by 0x156648: ingetc.part.1 (in /usr/bin/zsh)
==1389== by 0x14E22C: ihgetc (in /usr/bin/zsh)
==1389== by 0x16039E: zshlex.part.1 (in /usr/bin/zsh)
==1389== by 0x17EB6E: parse_event (in /usr/bin/zsh)
==1389== by 0x151C18: loop (in /usr/bin/zsh)
==1389== by 0x155753: zsh_main (in /usr/bin/zsh)
==1389== by 0x57D167F: (below main) (libc-start.c:289)
==1389== Address 0x6edca70 is 0 bytes inside a block of size 40 free'd
==1389== at 0x4C2AE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1389== by 0x6196D67: unbindwidget (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x6196DB4: bin_zle_del (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x12CB14: execbuiltin (in /usr/bin/zsh)
==1389== by 0x13ADEC: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389== by 0x13D5F8: execlist (in /usr/bin/zsh)
==1389== by 0x13D97C: execode (in /usr/bin/zsh)
==1389== by 0x13E45A: runshfunc (in /usr/bin/zsh)
==1389== by 0x13EDCF: doshfunc (in /usr/bin/zsh)
==1389== by 0x6187FB1: execzlefunc (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== Block was alloc'd at
==1389== at 0x4C29BA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1389== by 0x167C7B: zalloc (in /usr/bin/zsh)
==1389== by 0x6197413: bin_zle_new (in /usr/lib/zsh/5.2/zsh/zle.so)
==1389== by 0x12CB14: execbuiltin (in /usr/bin/zsh)
==1389== by 0x13ADEC: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389== by 0x13D5F8: execlist (in /usr/bin/zsh)
==1389== by 0x162AB1: execif (in /usr/bin/zsh)
==1389== by 0x139E5C: execcmd (in /usr/bin/zsh)
==1389== by 0x13B94D: execpline2 (in /usr/bin/zsh)
==1389== by 0x13BD3A: execpline (in /usr/bin/zsh)
==1389==
sleep 0 0 0 0
==1410==
==1410== HEAP SUMMARY:
==1410== in use at exit: 1,895,679 bytes in 47,458 blocks
==1410== total heap usage: 56,713 allocs, 9,255 frees, 6,340,861 bytes allocated
==1410==
==1410== LEAK SUMMARY:
==1410== definitely lost: 0 bytes in 0 blocks
==1410== indirectly lost: 0 bytes in 0 blocks
==1410== possibly lost: 0 bytes in 0 blocks
==1410== still reachable: 1,895,679 bytes in 47,458 blocks
==1410== suppressed: 0 bytes in 0 blocks
==1410== Rerun with --leak-check=full to see details of leaked memory
==1410==
==1410== For counts of detected and suppressed errors, rerun with: -v
==1410== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
--
Christian Neukirchen <chneukirchen@gmail.com> http://chneukirchen.org
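The trace above shows the widget block allocated in bin_zle_new, freed by unbindwidget when the function runs `zle -D` on itself, and then read again by execzlefunc once the function returns. The C below is an added illustration of that lifetime problem and one defensive pattern for it (an in-use flag with a deferred free); it is not zsh's code or its patch, and the names Widget, new_widget, delete_widget, exec_widget, WIDGET_INUSE and WIDGET_FREE are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define WIDGET_INUSE 1  /* a widget function is currently executing */
#define WIDGET_FREE  2  /* deletion requested while in use: free afterwards */
#define NSLOTS 8

typedef struct widget {
    char name[32];
    int flags;
    void (*fn)(struct widget *w);
} Widget;

static Widget *table[NSLOTS];  /* constructed stand-in for zsh's widget table */
static int frees = 0;          /* counts real free() calls, checked by the test */

static void free_widget(Widget *w) { frees++; free(w); }

Widget *new_widget(const char *name, void (*fn)(Widget *)) {
    Widget *w = calloc(1, sizeof *w);
    if (!w) return NULL;
    strncpy(w->name, name, sizeof w->name - 1);
    w->fn = fn;
    for (int i = 0; i < NSLOTS; i++)
        if (!table[i]) { table[i] = w; return w; }
    free(w);
    return NULL;
}
/* Unbind now, but defer the free while exec_widget still holds the pointer. */
int delete_widget(const char *name) {
    for (int i = 0; i < NSLOTS; i++) {
        if (!table[i] || strcmp(table[i]->name, name) != 0) continue;
        Widget *w = table[i];
        table[i] = NULL;
        if (w->flags & WIDGET_INUSE) w->flags |= WIDGET_FREE;
        else free_widget(w);
        return 1;
    }
    return 0;
}
/* The flag access after fn() returns is where the "Invalid read" in the
 * trace lands if the widget was freed from inside its own function. */
int exec_widget(Widget *w) {
    w->flags |= WIDGET_INUSE;
    w->fn(w);
    w->flags &= ~WIDGET_INUSE;  /* w is still allocated: the free was deferred */
    if (w->flags & WIDGET_FREE) { free_widget(w); return 1; }
    return 0;
}
static void self_deleting_hook(Widget *w) { delete_widget(w->name); }
/* Models zle-line-init running "zle -D zle-line-init" from inside itself. */
int run_scenario(void) {
    Widget *w = new_widget("zle-line-init", self_deleting_hook);
    return w && exec_widget(w) && frees == 1 && table[0] == NULL;
}
```

Under valgrind the deferred version reports no invalid read or write for the self-deleting hook, because the only free happens after exec_widget has finished touching the block.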