From: Eduardo Bustamante <dualbus@gmail.com>
Date: Mon, 15 May 2017 20:36:34 -0500
Subject: Re: Zsh parser segmentation fault in strcatsub
To: Bart Schaefer
Cc: zsh-workers@zsh.org
List-Id: Zsh Workers List
X-Seq: 41109

On Mon, May 15, 2017 at 7:48 PM, Bart Schaefer wrote:
[...]
> You are not using "-f". Is it possible that a setting in a startup
> file is affecting this? How do you build Zsh?

Here's how I build it (with Clang, or GCC+ASAN).

dualbus@debian:~/src/zsh/zsh$ git rev-parse HEAD
171e7fa4c1d9cbf0d8ff35ee795e1599913aa329
dualbus@debian:~/src/zsh/zsh$ ./Util/preconfig && CC=clang CFLAGS='-O0 -ggdb' LDFLAGS='' ./configure && make -j4
[...]
dualbus@debian:~/src/zsh/zsh$ md5sum strcatsub
45a3a29522b0bd62d073d791b722ce02  strcatsub
dualbus@debian:~/src/zsh/zsh$ ./Src/zsh -nf strcatsub
Segmentation fault
dualbus@debian:~/src/zsh/zsh$ ./Util/preconfig && CFLAGS='-O0 -ggdb -fsanitize=address -fno-omit-frame-pointer' LDFLAGS=-lasan ./configure && make -j4
[...]
dualbus@debian:~/src/zsh/zsh$ ./Src/zsh -nf strcatsub
=================================================================
==2860==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6290000041f8 at pc 0x56236c85fac3 bp 0x7ffe5ddad580 sp 0x7ffe5ddad578
READ of size 1 at 0x6290000041f8 thread T0
    #0 0x56236c85fac2 in mb_metacharlenconv /home/dualbus/src/zsh/zsh/Src/utils.c:5370
    #1 0x56236c82ee04 in dopadding /home/dualbus/src/zsh/zsh/Src/subst.c:922
    #2 0x56236c83cdba in paramsubst /home/dualbus/src/zsh/zsh/Src/subst.c:4022
    #3 0x56236c82a954 in stringsubst /home/dualbus/src/zsh/zsh/Src/subst.c:247
    #4 0x56236c829070 in prefork /home/dualbus/src/zsh/zsh/Src/subst.c:85
    #5 0x56236c82bc22 in singsub /home/dualbus/src/zsh/zsh/Src/subst.c:430
    #6 0x56236c8375b9 in paramsubst /home/dualbus/src/zsh/zsh/Src/subst.c:3011
    #7 0x56236c82a954 in stringsubst /home/dualbus/src/zsh/zsh/Src/subst.c:247
    #8 0x56236c829070 in prefork /home/dualbus/src/zsh/zsh/Src/subst.c:85
    #9 0x56236c73114a in execcmd_getargs /home/dualbus/src/zsh/zsh/Src/exec.c:2659
    #10 0x56236c731b24 in execcmd_exec /home/dualbus/src/zsh/zsh/Src/exec.c:2765
    #11 0x56236c72b753 in execpline2 /home/dualbus/src/zsh/zsh/Src/exec.c:1873
    #12 0x56236c7286bc in execpline /home/dualbus/src/zsh/zsh/Src/exec.c:1602
    #13 0x56236c72699e in execlist /home/dualbus/src/zsh/zsh/Src/exec.c:1360
    #14 0x56236c725117 in execode /home/dualbus/src/zsh/zsh/Src/exec.c:1141
    #15 0x56236c77a9a5 in loop /home/dualbus/src/zsh/zsh/Src/init.c:208
    #16 0x56236c784757 in zsh_main /home/dualbus/src/zsh/zsh/Src/init.c:1692
    #17 0x56236c6dd31f in main main.c:93
    #18 0x7f8561b282b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #19 0x56236c6dd1f9 in _start (/home/dualbus/src/zsh/zsh/Src/zsh+0x421f9)

0x6290000041f8 is located 0 bytes to the right of 16376-byte region [0x629000000200,0x6290000041f8)
allocated by thread T0 here:
    #0 0x7f85628a1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x56236c7b4df3 in zalloc /home/dualbus/src/zsh/zsh/Src/mem.c:966
    #2 0x56236c7b2ff9 in zhalloc /home/dualbus/src/zsh/zsh/Src/mem.c:639
    #3 0x56236c82874e in dupstring /home/dualbus/src/zsh/zsh/Src/string.c:39
    #4 0x56236c7a003f in parse_subst_string /home/dualbus/src/zsh/zsh/Src/lex.c:1710
    #5 0x56236c837436 in paramsubst /home/dualbus/src/zsh/zsh/Src/subst.c:2975
    #6 0x56236c82a954 in stringsubst /home/dualbus/src/zsh/zsh/Src/subst.c:247
    #7 0x56236c829070 in prefork /home/dualbus/src/zsh/zsh/Src/subst.c:85
    #8 0x56236c73114a in execcmd_getargs /home/dualbus/src/zsh/zsh/Src/exec.c:2659
    #9 0x56236c731b24 in execcmd_exec /home/dualbus/src/zsh/zsh/Src/exec.c:2765
    #10 0x56236c72b753 in execpline2 /home/dualbus/src/zsh/zsh/Src/exec.c:1873
    #11 0x56236c7286bc in execpline /home/dualbus/src/zsh/zsh/Src/exec.c:1602
    #12 0x56236c72699e in execlist /home/dualbus/src/zsh/zsh/Src/exec.c:1360
    #13 0x56236c725117 in execode /home/dualbus/src/zsh/zsh/Src/exec.c:1141
    #14 0x56236c77a9a5 in loop /home/dualbus/src/zsh/zsh/Src/init.c:208
    #15 0x56236c784757 in zsh_main /home/dualbus/src/zsh/zsh/Src/init.c:1692
    #16 0x56236c6dd31f in main main.c:93
    #17 0x7f8561b282b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dualbus/src/zsh/zsh/Src/utils.c:5370 in mb_metacharlenconv
Shadow bytes around the buggy address:
  0x0c527fff87e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c527fff87f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c527fff8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c527fff8810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c527fff8820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c527fff8830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]
  0x0c527fff8840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c527fff8850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c527fff8860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c527fff8870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c527fff8880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2860==ABORTING

It doesn't segfault if I run it under Valgrind.
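As an added triage aid (not code from the message or from zsh), a small Python parser that reduces an AddressSanitizer heap-buffer-overflow report like the one above to the facts a bug ticket needs: error class, faulting access and frame, allocation site, and how far past the allocation the access landed. The sample report is a constructed, abridged copy of the one quoted, and the source-root path is taken from it.

```python
import re

# Constructed, abridged copy of the AddressSanitizer report quoted in the
# message above (same addresses, frames and sizes), used as sample input.
SAMPLE_REPORT = """\
==2860==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6290000041f8 at pc 0x56236c85fac3 bp 0x7ffe5ddad580 sp 0x7ffe5ddad578
READ of size 1 at 0x6290000041f8 thread T0
    #0 0x56236c85fac2 in mb_metacharlenconv /home/dualbus/src/zsh/zsh/Src/utils.c:5370
    #1 0x56236c82ee04 in dopadding /home/dualbus/src/zsh/zsh/Src/subst.c:922
0x6290000041f8 is located 0 bytes to the right of 16376-byte region [0x629000000200,0x6290000041f8)
allocated by thread T0 here:
    #0 0x7f85628a1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x56236c7b4df3 in zalloc /home/dualbus/src/zsh/zsh/Src/mem.c:966
    #2 0x56236c7b2ff9 in zhalloc /home/dualbus/src/zsh/zsh/Src/mem.c:639
    #3 0x56236c82874e in dupstring /home/dualbus/src/zsh/zsh/Src/string.c:39
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dualbus/src/zsh/zsh/Src/utils.c:5370 in mb_metacharlenconv
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)", re.M)
REGION_RE = re.compile(r"located (\d+) bytes to the (left|right) of (\d+)-byte "
                       r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")

def frames(text, root):
    """(function, file:line) pairs for frames under root; runtime frames such
    as malloc inside libasan carry no source path and are skipped."""
    return [(f, loc) for f, loc in FRAME_RE.findall(text) if loc.startswith(root)]

def triage(report, root):
    """Summarise a heap-buffer-overflow report for a bug ticket."""
    err = ERROR_RE.search(report)
    if not err:
        raise ValueError("not an AddressSanitizer error report")
    kind, addr = err.group(1), int(err.group(2), 16)
    access = ACCESS_RE.search(report)
    region = REGION_RE.search(report)
    start, end = int(region.group(4), 16), int(region.group(5), 16)
    # The first backtrace is the faulting access, the second the allocation.
    access_text, _, alloc_text = report.partition("allocated by")
    return {
        "kind": kind,
        "access": (access.group(1), int(access.group(2))),
        "fault_frame": frames(access_text, root)[0],
        "alloc_frame": frames(alloc_text, root)[0],
        "region_size": end - start,
        "bytes_past_end": addr - end,
        # A 1-byte read exactly at the end is the classic off-by-one walk
        # past the last byte of a buffer (for example, past its NUL).
        "off_by_one": addr == end and access.group(2) == "1",
    }
```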