From: "Johan Ström" <johan@stromnet.se>
To: Bart Schaefer <schaefer@brasslantern.com>
Cc: zsh-workers@zsh.org
Subject: Re: "crash: free invalid next size (fast)" on completion
Date: Thu, 24 Mar 2022 08:31:53 +0100 [thread overview]
Message-ID: <96788bd2-783a-920e-1b6b-ea20ae2683f4@stromnet.se> (raw)
In-Reply-To: <CAH+w=7Yn_jyvHiOtpMAmq8rFESM16LgEdzgGx7t0E+c2ctS1fg@mail.gmail.com>
Hi,
On 2022-03-23 18:14, Bart Schaefer wrote:
> (Following up to zsh-users so this thread doesn't appear abandoned;
> further discussion should probably be directed to
> zsh-workers@zsh.org.)
Continuing on zsh-worker
>
> On Tue, Mar 22, 2022 at 12:41 AM Johan Ström <johan@stromnet.se> wrote:
>> last week (and now today again, on several terminals after being idle since Friday) I noticed that several of my terminals crashed and closed when writing `git <tab>` or `ls <tab>`. Managed to capture one such crash on video before terminal closed, and it printed "free invalid next size (fast)".
> ...
>> Stack trace of thread 843836:
>> #5 0x00007f36842f104d _int_free (libc.so.6 + 0x9b04d)
>> #6 0x00007f36842f3be3 free (libc.so.6 + 0x9dbe3)
>> #7 0x00007f36839ffa7f unmetafy_line (zle.so + 0x33a7f)
>> #8 0x00007f3683a0427a n/a (zle.so + 0x3827a)
>> #9 0x00007f36839fcc34 completecall (zle.so + 0x30c34)
>>
>> These terminals have been running for ~5 days.
>> On newly opened terminals, tab completion works fine.
>>
>> Have had 5.8-1 on this machine since July, never had any issues. 5.8.1-1 installed on 16 Feb.
> Hm. There's nothing in the zsh code changes I see that would cause
> this effect; an actually idle shell should have been sitting blocked
> on read. Is there any sort of periodic event that might be sending a
> signal to those shells?
There is nothing in my .zsh config that I'm aware of that would do
anything periodic. PS1 is simple: "%m %~$". The terminal is foot
(https://codeberg.org/dnkl/foot) and window manager is sway
(wlroots-based), not sure if they'd do anything.. The terminal was
seemingly identical to how I left it at least.
A bunch of other packages have been updated at the same time, so could
of course be something external. But I have not experienced any crashes
or issues in any other programs.
Took a quick look on the 5.8..5.8.1 diff and there seems to be some
buffer juggling going on, didn't look too close but perhaps there is
some overflow or double free or something?
>
> Do other completions crash, or only completions that involve file names?
Not sure, will check with some known completion if I see it again
(typically have a bunch of terminal open, and at least previously
multiple of them seemed to break)
next parent reply other threads:[~2022-03-24 7:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <df2ea61b-d0ea-ba95-98e0-d0fe84b800d0@stromnet.se>
[not found] ` <CAH+w=7Yn_jyvHiOtpMAmq8rFESM16LgEdzgGx7t0E+c2ctS1fg@mail.gmail.com>
2022-03-24 7:31 ` Johan Ström [this message]
2022-03-24 9:58 ` Peter Stephenson
2022-03-24 10:12 ` Johan Ström
2022-03-24 10:47 ` Peter Stephenson
2022-03-31 17:17 ` Jun. T
2022-03-31 22:07 ` Bart Schaefer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96788bd2-783a-920e-1b6b-ea20ae2683f4@stromnet.se \
--to=johan@stromnet.se \
--cc=schaefer@brasslantern.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).