From: <jp-www@dcs.gla.ac.uk>
To: <zsh-workers@sunsite.dk>
Subject: segfault bug in menu selection + diagnosis
Date: Sat, 18 Jan 2003 21:47:59 +0000 (GMT)
Message-ID: <Pine.LNX.4.33.0301182145480.15613-100000@sibu.dcs.gla.ac.uk>

Hi,

I'm new to zsh and have been playing with the nice completion stuff. I've 
found a segfaulting bug which appears to be reproducible. This was against 
zsh-4.0.6, but I've also confirmed it with the HEAD branch in CVS (18/1/03 
21:20).

Steps to reproduce:

1. Start a new shell which uses new-style completion and the following 
styles:
    
 zstyle ':completion:*:kill:*' menu yes select
 zstyle ':completion:*:kill:*' force-list always

These aren't actually necessary -- if you press tab enough times to
get the menu select to appear it happens too.

2. Type 'kill '
3. Press tab to get menu selection of processes (so a single process ID 
appears on the command line and the first process in the list is 
highlighted)
4. Resize your terminal to make it a bit wider, causing a SIGWINCH
5. Press the UP arrow
6. Segmentation fault should occur

If it doesn't happen straight away, try starting afresh and moving around 
a little bit with the arrows before resizing.

This was on an i386 RedHat 8.0 system. The info below pertains to 
zsh-4.0.6.

Backtrace indicates that the crash occurs in domenuselect() in 
complist.c:2272, in a call to dosingle(**p), while dereferencing p twice. 
The memory it pointed to has been freed, and doing 

  print (char*) p

in gdb shows a string (in this case):

  "=01;31:(jobs)*.Z=01;31:(jobs)*.gz=01;"...

So I suppose the memory has been reused for some strings that
have been later allocated.


I don't know enough about the structure of the source code to fix the
problem, but I think it's happening because the zrefresh() that's
called as a result of handling the SIGWINCH (the signal is delivered
during the domenuselect call to getkeycmd() at line 1781) eventually
causes complistmatches() to be called, thus freeing the 'mtab' global
array unexpectedly (at least to domenuselect()), so 'p' is invalid.

Thanks. I hope I've provided enough information to resolve the issue.
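
The failure mode diagnosed in the message above (a cursor into a global table that a redraw frees during a blocking key read), shown as an added example that is not part of the original message or of zsh's source. It is a simplified C model: the resize is simulated by a plain function call, and the generation counter `mtab_gen` and the helper names are assumptions chosen for illustration, not zsh's actual fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT zsh source: names mirror the report for readability. */
static char **mtab;        /* global match table, rebuilt on every redraw */
static size_t mtab_len;
static unsigned mtab_gen;  /* hypothetical generation counter, bumped per rebuild */

/* Stands in for the redraw path: frees the old table and allocates a new one. */
static void rebuild_mtab(size_t n) {
    for (size_t i = 0; i < mtab_len; i++) free(mtab[i]);
    free(mtab);
    mtab = calloc(n ? n : 1, sizeof *mtab);
    mtab_len = mtab ? n : 0;
    mtab_gen++;
    for (size_t i = 0; i < mtab_len; i++) {
        mtab[i] = malloc(32);
        if (mtab[i]) snprintf(mtab[i], 32, "gen%u-match%zu", mtab_gen, i);
    }
}

/* Stands in for the blocking key read; a pending resize triggers a redraw. */
static void read_key(size_t resized_to) {
    if (resized_to) rebuild_mtab(resized_to);
}

/* One menu step: take a cursor, wait for a key, then use the cursor. */
static const char *select_after_key(size_t idx, size_t resized_to) {
    if (idx >= mtab_len) return NULL;
    char **p = &mtab[idx];      /* cursor into the table, like 'p' in the report */
    unsigned seen = mtab_gen;   /* remember which table p belongs to */

    read_key(resized_to);       /* may free everything p points into */

    /* Unchecked form (the bug class): return *p;  stale after a rebuild */
    if (seen != mtab_gen) {     /* table replaced: re-derive, never reuse p */
        if (mtab_len == 0) return NULL;
        if (idx >= mtab_len) idx = mtab_len - 1;
        p = &mtab[idx];
    }
    return *p;
}

int main(void) {
    rebuild_mtab(4);                              /* constructed sample table */
    printf("%s\n", select_after_key(1, 0));       /* no resize: same table */
    printf("%s\n", select_after_key(3, 2));       /* resize shrinks the table */
    return 0;
}
```

Building the unchecked form with `-fsanitize=address` is a quick way to confirm this class of bug, since AddressSanitizer reports the read through the stale cursor as a heap-use-after-free.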



