From: Sebastian Gniazdowski <sgniazdowski@gmail.com>
To: Zsh hackers list <zsh-workers@zsh.org>
Subject: Re: [PATCH] Fortify zrealloc append to arrays
Date: Sun, 17 Jun 2018 20:26:07 +0200 [thread overview]
Message-ID: <CAKc7PVAQ=iJ_8kqYqXCaALDgsRqJJtkBr3-VXw5OZZdT5QF=2w@mail.gmail.com> (raw)
In-Reply-To: <CAKc7PVC1EeRoAD366Qeb2BGua4LmUrqEZ-9wT2SLLGevPiE3Ew@mail.gmail.com>
I luckily obtained segfaults and coredumps. Ran -O0 zsh, waited for
segfault, and here is backtrace:
(lldb) bt
* thread #1, stop reason = signal SIGSTOP
* frame #0: 0x0000000103f81e18 zle.so`getkeybuf(w=0) at zle_keymap.c:1679
frame #1: 0x0000000103f81b26
zle.so`getkeymapcmd(km=0x00007faa2801d800, funcp=0x00007ffeebdeaab0,
strp=0x00007ffeebdeaa98) at zle_keymap.c:1587
frame #2: 0x0000000103f81f73 zle.so`getkeycmd at zle_keymap.c:1705
frame #3: 0x0000000103f84b7c zle.so`zlecore at zle_main.c:1129
frame #4: 0x0000000103f85575 zle.so`zleread(lp=0x0000000103ee2bf8,
rp=0x0000000103ee2c38, flags=3, context=0, init="zle-line-init",
finish="zle-line-finish") at zle_main.c:1352
frame #5: 0x0000000103f863c3 zle.so`zle_main_entry(cmd=1,
ap=0x00007ffeebdeb090) at zle_main.c:2109
frame #6: 0x0000000103e60f67 zsh`zleentry(cmd=1) at init.c:1602
frame #7: 0x0000000103e6265d zsh`inputline at input.c:295
frame #8: 0x0000000103e62255 zsh`ingetc at input.c:228
frame #9: 0x0000000103e541bd zsh`ihgetc at hist.c:407
frame #10: 0x0000000103e6bd36 zsh`gettok at lex.c:611
I've listed source and obtained:
frame #0: 0x0000000103f81e18 zle.so`getkeybuf(w=0) at zle_keymap.c:1679
1676 int c = getbyte((long)w, NULL);
1677
1678 if(c < 0)
-> 1679 return EOF;
1680 addkeybuf(c);
1681 return c;
1682 }
Where could be segfault hiding? I know one thing. If I comment out
following line with <():
exec {PCFD}< <(echo ${sysparams[pid]})
I get no segfault nor other (Ctrl-C) problems. Interior of <( ) can be
different from above, the same happens.
On 17 June 2018 at 16:39, Sebastian Gniazdowski <sgniazdowski@gmail.com> wrote:
> Hello,
> one user of my project reports crash with message about realloc(), when pasting:
>
> $ openssl req -new -newkey rsa:4096 > regisrealloc(): invalid old size
> Connection to localhost closed.
>
> I looked at my code that introduced realloc() to array appends. It
> seems that its correctness is guarded by this: before patch, old
> pointer (old array) was subject to arrsetfn, which does freearray().
> So if string can be freed, it for sure can be realloc()-ed.
>
> That said I have a patch that checks if old pointer isn't nullarray
> (static variable) and has the standard getter. A fortification, to
> sleep better.
>
> --
> Best regards,
> Sebastian Gniazdowski
prev parent reply other threads:[~2018-06-17 18:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-17 14:39 Sebastian Gniazdowski
2018-06-17 18:26 ` Sebastian Gniazdowski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKc7PVAQ=iJ_8kqYqXCaALDgsRqJJtkBr3-VXw5OZZdT5QF=2w@mail.gmail.com' \
--to=sgniazdowski@gmail.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).