* Possible Bug
From: Brian Millar @ 2015-08-31 21:30 UTC
To: zsh-workers

Hi,

I think I may have discovered a bug in ZSH. I was trying to install a prompt theme and I mixed things up, moved things and named things wrong. This resulted in the file wanted by the set_prompt actually being a directory.

ZSH would crash on start, if I ran it on top of another shell I could see the error was "set_prompt:100: fatal error: out of memory".

I traced it and found that the open() syscall ran on the directory, the result was passed to lseek() with argument SEEK_END which I don't think makes any sense for a directory. lseek() returned an astronomically huge value which was passed to mmap() as bytes to allocate. That's when the crash happens.

I talked to some kernel folks who say you should check that the file coming from open() is not anything other than a normal file.

If this is not a ZSH bug I'm sorry for wasting your time.

* Re: Possible Bug
From: Bart Schaefer @ 2015-09-01 5:53 UTC
To: Brian Millar, zsh-workers@zsh.org

On Aug 31, 9:30pm, Brian Millar wrote:
}
} This resulted in the file wanted by the set_prompt actually being a
} directory.
}
} ZSH would crash on start, if I ran it on top of another shell I could
} see the error was "set_prompt:100: fatal error: out of memory".
}
} I traced it and found that the open() syscall ran on the directory,
} the result was passed to lseek() with argument SEEK_END which I don't
} think makes any sense for a directory.

Confirmed this. Autoloading calls access(..., R_OK) but does not stat() for plain-file-ness before attempting to open() and load into memory.

On what operating system is this occurring? lseek() on a directory in my straces always returns zero.

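The check described above as missing, shown as an added example that is not part of the thread or of zsh's source: the hypothetical helper load_regular_file() verifies the opened descriptor with fstat() and S_ISREG() before sizing any allocation, and it assumes st_size is used for the length instead of lseek().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not zsh code. Hypothetical helper: returns a NUL-terminated
 * malloc'd buffer and sets *out_len, or returns NULL with errno set
 * (EISDIR when the path turns out to be a directory). */
char *load_regular_file(const char *path, size_t *out_len)
{
    struct stat st;
    size_t len, got = 0;
    char *buf = NULL;
    int saved, fd = open(path, O_RDONLY | O_NOCTTY);
    if (fd == -1)
        return NULL;
    /* fstat() the descriptor, not the path: the check then applies to the
     * object actually opened, leaving no gap between check and use. */
    if (fstat(fd, &st) == -1)
        goto fail;
    if (!S_ISREG(st.st_mode)) {
        errno = S_ISDIR(st.st_mode) ? EISDIR : EINVAL;
        goto fail;
    }
    len = (size_t)st.st_size;   /* well defined for a regular file */
    if (!(buf = malloc(len + 1)))
        goto fail;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        if (n == 0)
            break;              /* file shrank while being read */
        got += (size_t)n;
    }
    close(fd);
    buf[got] = '\0';
    *out_len = got;
    return buf;
fail:
    saved = errno;
    free(buf);
    close(fd);
    errno = saved;
    return NULL;
}
```
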
* Re: Possible Bug
From: Brian Millar @ 2015-09-01 12:02 UTC
To: Bart Schaefer, zsh-workers@zsh.org

>On what operating system is this occurring?

I'm running Gentoo with linux-4.1.3-gentoo-gnu, that means it has the Gentoo patches and is deblobbed/libre.

________________________________________
From: Bart Schaefer <schaefer@brasslantern.com>
Sent: Tuesday, September 1, 2015 6:53 AM
To: Brian Millar; zsh-workers@zsh.org
Subject: Re: Possible Bug

On Aug 31, 9:30pm, Brian Millar wrote:
}
} This resulted in the file wanted by the set_prompt actually being a
} directory.
}
} ZSH would crash on start, if I ran it on top of another shell I could
} see the error was "set_prompt:100: fatal error: out of memory".
}
} I traced it and found that the open() syscall ran on the directory,
} the result was passed to lseek() with argument SEEK_END which I don't
} think makes any sense for a directory.

Confirmed this. Autoloading calls access(..., R_OK) but does not stat() for plain-file-ness before attempting to open() and load into memory.

On what operating system is this occurring? lseek() on a directory in my straces always returns zero.

* Re: Possible Bug 2015-09-01 5:53 ` Bart Schaefer 2015-09-01 12:02 ` Brian Millar @ 2015-09-01 20:51 ` Peter Stephenson 1 sibling, 0 replies; 4+ messages in thread From: Peter Stephenson @ 2015-09-01 20:51 UTC (permalink / raw) To: Bart Schaefer, zsh-workers@zsh.org ; +Cc: Brian Millar On Mon, 31 Aug 2015 22:53:04 -0700 Bart Schaefer <schaefer@brasslantern.com> wrote: > Confirmed this. Autoloading calls access(..., R_OK) but does not stat() > for plain-file-ness before attempting to open() and load into memory. The tests we usually use for this kind of thing look like this. This means we'll skip the directory silently and find a regular file within another directory if there is one, and only report an error if there isn't --- I presume that's correct. pws diff --git a/Src/exec.c b/Src/exec.c index 45f1c66..109a04a 100644 --- a/Src/exec.c +++ b/Src/exec.c @@ -5392,7 +5392,9 @@ getfpfunc(char *s, int *ksh, char **fname) } unmetafy(buf, NULL); if (!access(buf, R_OK) && (fd = open(buf, O_RDONLY | O_NOCTTY)) != -1) { - if ((len = lseek(fd, 0, 2)) != -1) { + struct stat st; + if (!fstat(fd, &st) && S_ISREG(st.st_mode) && + (len = lseek(fd, 0, 2)) != -1) { d = (char *) zalloc(len + 1); lseek(fd, 0, 0); if ((rlen = read(fd, d, len)) >= 0) { ^ permalink raw reply [flat|nested] 4+ messages in thread
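
Review bot: in the new condition in getfpfunc(), once fstat() has succeeded and S_ISREG(st.st_mode) holds, st.st_size already gives the file length, so the lseek(fd, 0, 2) and lseek(fd, 0, 0) pair is only there for sizing; consider taking len from st.st_size, or at least writing SEEK_END and SEEK_SET instead of the literals 2 and 0. The access(buf, R_OK) test checks the path while fstat() checks the descriptor that was actually opened, so the fstat() test is the one that decides. It is also worth confirming that fd is closed when the new condition fails, since that branch lies outside the visible lines.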