From: Roman Perepelitsa
Date: Mon, 28 Oct 2019 14:34:02 +0100
Subject: Segfault with terminal width <= 6
To: Zsh hackers list
X-Seq: 44877

When terminal width is <= 6, there is memory corruption somewhere that
leads to segfault. It reproduces reliably on my machine with the
following sequence.

1. Resize your terminal to 6x6. Height doesn't matter but it's
   important for width to be <= 6.

2. Type `PROMPT='' zsh -df`. The value of PROMPT doesn't matter. I'm
   using an empty prompt so that my "screenshots" look the same as what
   you would see if you attempted to reproduce this.

3. Press and hold `x` until you see `>` appearing on the first line.
   It doesn't matter if you hold it longer than necessary.

    >....
    xxxxxx
    xxxxxx
    xxxxxx
    xxxxxx

4. Press and hold left arrow until `>` disappears. It doesn't matter
   if you hold it longer than necessary.

    xxxxxx
    xxxxxx
    xxxxxx
    xxxxxx
    xxxxxx
    <....

5. At this point memory is corrupted and many actions can crash zsh.
   The simplest is to press Ctrl+C.

    free(): invalid next size (fast)
    zsh: abort (core dumped)

Here's a backtrace:

    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007f8dcba57801 in __GI_abort () at abort.c:79
    #2  0x00007f8dcbaa0897 in __libc_message (
        action=action@entry=do_abort, fmt=fmt@entry=0x7f8dcbbcdb9a "%s\n")
        at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007f8dcbaa790a in malloc_printerr (
        str=str@entry=0x7f8dcbbcf800 "free(): invalid next size (fast)")
        at malloc.c:5350
    #4  0x00007f8dcbaaef60 in _int_free (have_lock=0, p=0x55f7fcc5f1b0,
        av=0x7f8dcbe02c40 ) at malloc.c:4213
    #5  __GI___libc_free (mem=0x55f7fcc5f1c0) at malloc.c:3124
    #6  0x00007f8dca3ce6e3 in freechanges (p=0x55f7fcc5f270) at zle_utils.c:1452
    #7  0x00007f8dca3ce65f in freeundo () at zle_utils.c:1436
    #8  0x00007f8dca3ad564 in zleread (lp=0x55f7fbcace20 , rp=0x0, flags=3,
        context=0, init=0x7f8dca3d75c0 "zle-line-init",
        finish=0x7f8dca3d75b0 "zle-line-finish") at zle_main.c:1371
    #9  0x00007f8dca3b052b in zle_main_entry (cmd=1, ap=0x7ffe7fd8f620)
        at zle_main.c:2119
    #10 0x000055f7fba0a83c in zleentry (cmd=1) at init.c:1605
    #11 0x000055f7fba0bb8d in inputline () at input.c:295
    #12 0x000055f7fba0b9d1 in ingetc () at input.c:228
    #13 0x000055f7fb9fd945 in ihgetc () at hist.c:408
    #14 0x000055f7fba15e99 in gettok () at lex.c:611
    #15 0x000055f7fba15576 in zshlex () at lex.c:275
    #16 0x000055f7fba3d3b0 in parse_event (endtok=37) at parse.c:581
    #17 0x000055f7fba0695e in loop (toplevel=1, justonce=0) at init.c:150
    #18 0x000055f7fba0ad38 in zsh_main (argc=2, argv=0x7ffe7fd8fae8)
        at init.c:1770
    #19 0x000055f7fb9bc0b7 in main (argc=2, argv=0x7ffe7fd8fae8) at ./main.c:93

If you do something different on step 5, it'll crash with a different
stack trace. All stack traces I've seen lead to __GI___libc_free.

This appears to be an old bug. zsh-4.3.17 crashes in the same manner.
I haven't tried it with an older version.

Roman.
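
The five steps above, scripted so the same key sequence can be replayed in a 6x6 pseudo-terminal, for instance as a regression check after a fix or against a build instrumented with a heap checker. This is an added example, not part of the original message; the left-arrow escape sequence, the pacing delay and all helper names are assumptions.

```python
import fcntl, os, pty, signal, struct, termios, time

LEFT = b"\x1b[D"   # assumption: left arrow as sent in ANSI cursor-key mode
CTRL_C = b"\x03"

def winsize(rows, cols):
    """Pack struct winsize (rows, cols, xpixel, ypixel) for TIOCSWINSZ."""
    return struct.pack("HHHH", rows, cols, 0, 0)

def keystrokes(rows, cols, extra_rows=4):
    """Steps 3-5: overfill the screen with 'x', walk back left, then Ctrl+C."""
    n = cols * (rows + extra_rows)
    return [b"x"] * n + [LEFT] * n + [CTRL_C]

def describe(status):
    """Turn a wait status (or None) into a short verdict."""
    if status is None:
        return "survived"
    if os.WIFSIGNALED(status):
        return "killed by " + signal.Signals(os.WTERMSIG(status)).name
    return "exited %d" % os.WEXITSTATUS(status)

def drain(fd):
    """Discard pending redraw output so the shell never blocks on write."""
    try:
        while os.read(fd, 4096):
            pass
    except OSError:          # nothing left to read, or the shell is gone
        pass

def reproduce(shell="zsh", rows=6, cols=6, delay=0.01):
    """Replay the reported sequence; return the wait status if the shell
    died, or None if it was still alive afterwards."""
    pid, fd = pty.fork()
    if pid == 0:                                   # child: step 2
        os.environ["PROMPT"] = ""
        try:
            os.execvp(shell, [shell, "-df"])
        except OSError:
            os._exit(127)
    fcntl.ioctl(fd, termios.TIOCSWINSZ, winsize(rows, cols))  # step 1
    os.set_blocking(fd, False)
    time.sleep(0.5)                                # let the shell start up
    try:
        for key in keystrokes(rows, cols):
            os.write(fd, key)
            time.sleep(delay)                      # paced like key repeat
            drain(fd)
    except OSError:                                # write failed: shell is gone
        pass
    time.sleep(0.5)
    done, status = os.waitpid(pid, os.WNOHANG)
    if done == 0:                                  # still running: clean up
        os.kill(pid, signal.SIGKILL)
        os.waitpid(pid, 0)
        status = None
    os.close(fd)
    return status
```

`describe(reproduce())` gives a one-line verdict; a shell killed by SIGABRT matches the glibc abort shown in the backtrace, and `reproduce(cols=7)` serves as the control run.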