From: "Sebastian Rasmussen"
To: zsh-workers@sunsite.dk
Subject: Command line bug since zsh 3.1.7...
Date: Wed, 29 Sep 2004 17:06:27 +0200
Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
X-Seq: 20415

Hi! Today I discovered a bug in zsh 4.2.1 that's been present in zsh since 3.1.7!

The problem was discovered when I accidentally deleted a continued line containing a pipe in a makefile that I was building. zsh appeared to segfault so I tried to make a simple testcase that reproduced the bug and ended up with:

SHELL = zsh

foo:
	echo bar | \
	# this line is intentionally missing a command

When I run make I get

hal9000% make
echo bar | \
# this line is intentionally missing a command
make: *** [foo] Segmentation fault
hal9000%

which surely can't be right. By persuading make to print what commands were exec():ed I discovered that zsh was invoked like this:

zsh -c 'echo bar |'

Testing this gives:

hal9000% zsh -c 'echo bar |'
zsh: segmentation fault  zsh -c 'echo bar |'
hal9000%

Which seems consistent with the results from make. By compiling and testing several versions I nailed down the last working version to 3.1.6 which appears not to segfault:

hal9000% ./zsh-3.1.6 -c 'echo bar |'
hal9000%

The first crashing version is 3.1.7. Running this through gdb gives:

hal9000% gdb zsh-3.1.7
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library "/lib/

(gdb) run -c 'echo bar |'
Starting program: /var/tmp/sebras/zsh/bin/zsh-3.1.7 -c 'echo bar |'
Detaching after fork from child process 4193.

Program received signal SIGSEGV, Segmentation fault.
0x40116a5b in strlen () from /lib/tls/libc.so.6
(gdb) bt
#0 0x40116a5b in strlen () from /lib/tls/libc.so.6
#1 0x080a0622 in taddstr (s=0x5bfe8419
) at text.c:60
#2 0x080a0746 in taddlist (state=0xbffff9f0, num=29204875) at text.c:86
#3 0x080a0d4b in gettext2 (state=0xbffff9f0) at text.c:326
#4 0x080a08cd in getjobtext (prog=0x402265c0, c=0x40226600) at text.c:160
#5 0x0805f2d1 in execpline2 (state=0xbffffbb0, pcode=0, how=18, input=12, output=0, last1=1) at exec.c:1175
#6 0x0805f568 in execpline2 (state=0xbffffbb0, pcode=35, how=18, input=0, output=0, last1=1) at exec.c:1233
#7 0x0805e94f in execpline (state=0xbffffbb0, slcode=5122, how=18, last1=1) at exec.c:976
#8 0x0805e3ba in execlist (state=0xbffffbb0, dont_change_job=0, exiting=1) at exec.c:821
#9 0x0805e0c3 in execode (p=0x402265c0, dont_change_job=0, exiting=1) at exec.c:727
#10 0x0805e085 in execstring (s=0xbffffde8 "echo bar |", dont_change_job=0, exiting=1) at exec.c:713
#11 0x08073ea2 in init_misc () at init.c:888
#12 0x080514a9 in main (argc=3, argv=0xbffffcc4) at main.c:82
(gdb)

Or, the equivalent backtrace in zsh 4.2.1:

hal9000% gdb zsh-4.2.1
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library "/lib/

(gdb) run -c 'echo bar |'
Starting program: /var/tmp/sebras/zsh/bin/zsh-4.2.1 -c 'echo bar |'
Detaching after fork from child process 16004.

Program received signal SIGSEGV, Segmentation fault.
0x40116a5b in strlen () from /lib/tls/libc.so.6
(gdb) bt
#0 0x40116a5b in strlen () from /lib/tls/libc.so.6
#1 0x080b468e in taddstr (s=0x502af91e
) at text.c:60
#2 0x080b47b2 in taddlist (state=0xbffff9d0, num=14602435) at text.c:86
#3 0x080b4e52 in gettext2 (state=0xbffff9d0) at text.c:335
#4 0x080b495a in getjobtext (prog=0x40226098, c=0x402260e0) at text.c:164
#5 0x0806624a in execpline2 (state=0xbffffba0, pcode=0, how=18, input=12, output=0, last1=1) at exec.c:1268
#6 0x08066509 in execpline2 (state=0xbffffba0, pcode=163, how=18, input=0, output=0, last1=1) at exec.c:1326
#7 0x080657d3 in execpline (state=0xbffffba0, slcode=5122, how=18, last1=1) at exec.c:1065
#8 0x08065120 in execlist (state=0xbffffba0, dont_change_job=0, exiting=1) at exec.c:871
#9 0x08064e2c in execode (p=0x40226098, dont_change_job=0, exiting=1) at exec.c:771
#10 0x08064de3 in execstring (s=0xbffffdf8 "echo bar |", dont_change_job=0, exiting=1) at exec.c:756
#11 0x0807d506 in init_misc () at init.c:984
#12 0x0807e2bd in zsh_main (argc=3, argv=0xbffffcd4) at init.c:1263
#13 0x080523f6 in main (argc=3, argv=0xbffffcd4) at main.c:93
(gdb)

I hope that this is enough information for you to nail down and fix the bug. If not, don't hesitate to contact me and I'll try to provide you with the relevant info.

/ Sebastian Rasmussen
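
Added example, not part of the original message: a POSIX sh probe that runs the report's testcase against several shell builds and names the first one killed by a signal, which is the version comparison the report describes doing by hand. The function names are this example's own, and the build paths in the usage comment are placeholders for wherever the builds live.

```shell
#!/bin/sh
# Added example: regression probe for the crash in the report above.
# TESTCASE is the command string from the report.
TESTCASE='echo bar |'

# Decode a wait status as seen by the calling shell. A status above 128
# means the child was killed by signal (status - 128); 139 is SIGSEGV.
classify_status() {
    if [ "$1" -gt 128 ]; then
        sig=$(( $1 - 128 ))
        if [ "$sig" -eq 11 ]; then
            echo "crash:SIGSEGV"
        else
            echo "crash:signal-$sig"
        fi
    elif [ "$1" -eq 0 ]; then
        echo "ok"
    else
        # A clean non-zero exit, e.g. a parse error, is not a crash.
        echo "error:$1"
    fi
}

# Run one shell build on the testcase, discarding its output.
# "|| status=$?" keeps the probe alive when the caller uses "set -e".
probe_shell() {
    status=0
    "$1" -c "$TESTCASE" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Print the first build in the argument list that dies from a signal.
# Returns 1 when none of them does.
# Usage (placeholder paths): first_crashing ./zsh-3.1.6 ./zsh-3.1.7
first_crashing() {
    for shell_bin in "$@"; do
        case "$(probe_shell "$shell_bin")" in
            crash:*) echo "$shell_bin"; return 0 ;;
        esac
    done
    return 1
}
```

A build that rejects the incomplete pipeline with a syntax error shows up as error:N rather than as a crash, which is the outcome a fixed shell should give.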