* [PATCH] Fix complist menuselect segmentation fault
@ 2017-07-02 14:58 ` Maxime de Roucy
2017-07-03 14:25 ` Peter Stephenson
2017-07-04 9:14 ` Sebastian Gniazdowski
0 siblings, 2 replies; 5+ messages in thread
From: Maxime de Roucy @ 2017-07-02 14:58 UTC (permalink / raw)
To: zsh-workers; +Cc: Maxime de Roucy
Without this patch:
I use:
zstyle ':completion:*:hosts' menu yes=long yes=20 select search
Imagine I have 2 hosts: "ab" and "bb"
When I try to use the completion menu ("isearch") and type "aa" the shell
crashes (segmentation fault).
The first "a" matches only host "ab", so when I type the second "a", mcol
and mline == 0.
The first time the code enters "if (x == ex && y == ey)", it leaves the if
with x = y = ex = ey = 0.
Then "++x" (line 2331) increments x, and x and y can't match ex and ey
anymore since they can only increase.
→ segmentation fault
---
Src/Zle/complist.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/Src/Zle/complist.c b/Src/Zle/complist.c
index 035038815..a83daeff9 100644
--- a/Src/Zle/complist.c
+++ b/Src/Zle/complist.c
@@ -2334,11 +2334,6 @@ msearch(Cmatch **ptr, char *ins, int back, int rep, int *wrapp)
}
}
if (x == ex && y == ey) {
- if (wrap) {
- msearchstate = MS_FAILED | owrap;
- break;
- }
- msearchstate |= MS_WRAPPED;
if (back) {
x = mcols - 1;
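Review bot: with the `if (wrap)` bail-out and `msearchstate |= MS_WRAPPED` removed here, nothing before the `if (back)` position reset records the wrapped state or stops a second wrap any more; that only stays correct because the second hunk re-adds both after `ex = mcol; ey = mline;`, so the commit message should say that the test was moved past the reset (and why) rather than leaving the reader to pair the two hunks.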
@@ -2350,6 +2345,13 @@ msearch(Cmatch **ptr, char *ins, int back, int rep, int *wrapp)
}
ex = mcol;
ey = mline;
+
+ if (wrap || (x == ex && y == ey)) {
+ msearchstate = MS_FAILED | owrap;
+ break;
+ }
+
+ msearchstate |= MS_WRAPPED;
wrap = 1;
*wrapp = 1;
}
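Review bot: the new `x == ex && y == ey` term right after `ex = mcol; ey = mline;` is what closes the crash described in the commit message: with mcol and mline both 0 the reset leaves the stop position equal to the current one, so the old loop never terminated and `++x` walked past the grid. A one-line comment above `if (wrap || (x == ex && y == ey))` saying it catches a wrap that lands on the stop position would help, because the enclosing `if` tested the same equality a few lines earlier and the repetition looks redundant without it. `wrap = 1` and `*wrapp = 1` still run only on the successful wrap path, matching the old behaviour.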
--
2.13.2
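A constructed C model of the wrap logic the commit message describes, added here and not zsh's code: `model_msearch`, its stop-position convention (one cell past the grid) and the sample menus are assumptions, a bounds check stands in for the out-of-bounds read, and the `patched` flag switches between the old and the new termination test.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the wrap-around search in complist.c msearch(); this
 * is not zsh's code. grid[y * mcols + x] is the text of menu cell (x, y).
 * The search runs forward from the cursor cell (mcol, mline) for a cell
 * containing `ins`. Returns the cell index on a hit, -1 on a clean failure
 * and -2 where the unpatched logic would read past the end of the grid (the
 * reported segfault); the bounds check standing in for that crash is ours. */
int model_msearch(const char **grid, int mcols, int mlines,
                  int mcol, int mline, const char *ins, int patched)
{
    int x = mcol, y = mline, wrap = 0;
    int ex = 0, ey = mlines;   /* stop position: first cell past the grid (assumption) */
    for (;;) {
        if (y >= mlines)                 /* the real code reads the cell here */
            return -2;
        if (strstr(grid[y * mcols + x], ins))
            return y * mcols + x;
        if (++x == mcols) {              /* advance; y only ever grows */
            x = 0;
            ++y;
        }
        if (x == ex && y == ey) {        /* ran past the end: wrap once */
            x = 0;
            y = 0;
            ex = mcol;                   /* new stop position: the cursor cell */
            ey = mline;
            /* Unpatched, only `wrap` is tested: a cursor at (0, 0) leaves
             * x == ex && y == ey right here and nothing ends the walk. */
            if (wrap || (patched && x == ex && y == ey))
                return -1;
            wrap = 1;
        }
    }
}

/* Constructed sample menus: the reporter's list after the first "a" narrowed
 * it to the single cell "ab", and a wider 2x2 menu for the normal paths. */
static const char *one_cell[] = { "ab" };
static const char *four_cells[] = { "ab", "bb", "cb", "ad" };

int main(void)
{
    printf("unpatched 1x1 \"aa\": %d\n", model_msearch(one_cell, 1, 1, 0, 0, "aa", 0));
    printf("patched   1x1 \"aa\": %d\n", model_msearch(one_cell, 1, 1, 0, 0, "aa", 1));
    printf("patched   2x2 \"ab\" from (1,1): %d\n",
           model_msearch(four_cells, 2, 2, 1, 1, "ab", 1));
    return 0;
}
```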
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Peter Stephenson @ 2017-07-03 14:25 UTC (permalink / raw)
To: Maxime de Roucy, zsh-workers
On Sun, 2 Jul 2017 16:58:20 +0200
Maxime de Roucy <maxime.deroucy@gmail.com> wrote:
> Without this patch:
>
> I use:
>
> zstyle ':completion:*:hosts' menu yes=long yes=20 select search
>
> Imagine I have 2 hosts: "ab" and "bb"
>
> When I try to use the completion menu ("isearch") and type "aa" the shell
> crashes (segmentation fault).
>
> The first "a" matches only host "ab", so when I type the second "a", mcol
> and mline == 0.
>
> The first time the code enters "if (x == ex && y == ey)", it leaves the if
> with x = y = ex = ey = 0.
> Then "++x" (line 2331) increments x, and x and y can't match ex and ey
> anymore since they can only increase.
> → segmentation fault
Thanks --- the existing code here is obscure enough I think I'm just
going to apply your patch and see if anyone notices side effects. It
looks like they'd have to be pretty subtle --- I'm guessing that
problem has been there a very long time.
pws
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Sebastian Gniazdowski @ 2017-07-04 9:14 UTC (permalink / raw)
To: Maxime de Roucy, zsh-workers; +Cc: Maxime de Roucy
On 2 July 2017 at 16:58:20, Maxime de Roucy (maxime.deroucy@gmail.com) wrote:
> Without this patch:
I have this core dump from 06.05.2017, not sure if it's related; I think I'll attach it here. The segmentation fault happened once.
* thread #1: tid = 0x0000, 0x00000001021032fb complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0, wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312, stop reason = signal SIGSTOP
* frame #0: 0x00000001021032fb complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0, wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312
frame #1: 0x00000001020fb56b complist.so`domenuselect(dummy=0x00000001020ea208, dat=0x00007fff5ded9928) + 16027 at complist.c:3349
frame #2: 0x0000000101d842d6 zsh-5.3.1-dev-0`runhookdef + 150
frame #3: 0x00000001020cbd8c complete.so`after_complete + 108
frame #4: 0x0000000101d84351 zsh-5.3.1-dev-0`runhookdef + 273
frame #5: 0x000000010208539d zle.so`docomplete + 4013
frame #6: 0x0000000102085724 zle.so`expandorcomplete + 228
frame #7: 0x00000001020841a6 zle.so`completecall + 70
frame #8: 0x000000010206de3e zle.so`execzlefunc + 734
frame #9: 0x0000000102083b47 zle.so`bin_zle_call + 1191
frame #10: 0x0000000102082276 zle.so`bin_zle + 438
frame #11: 0x0000000101d209fa zsh-5.3.1-dev-0`execbuiltin + 3242
frame #12: 0x0000000101d4a943 zsh-5.3.1-dev-0`execcmd_exec + 18595
frame #13: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #14: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #15: 0x0000000101d3dfb1 zsh-5.3.1-dev-0`execlist + 1745
frame #16: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #17: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #18: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #19: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
frame #20: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
frame #21: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #22: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #23: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #24: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #25: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #26: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #27: 0x000000010206e1c5 zle.so`execzlefunc + 1637
frame #28: 0x0000000102083b47 zle.so`bin_zle_call + 1191
frame #29: 0x0000000102082276 zle.so`bin_zle + 438
frame #30: 0x0000000101d209fa zsh-5.3.1-dev-0`execbuiltin + 3242
frame #31: 0x0000000101d4a943 zsh-5.3.1-dev-0`execcmd_exec + 18595
frame #32: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #33: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #34: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #35: 0x0000000101d7c429 zsh-5.3.1-dev-0`execif + 521
frame #36: 0x0000000101d4a067 zsh-5.3.1-dev-0`execcmd_exec + 16327
frame #37: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #38: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #39: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #40: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #41: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #42: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #43: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
frame #44: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
frame #45: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #46: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #47: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #48: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #49: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #50: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #51: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
frame #52: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
frame #53: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #54: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #55: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #56: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #57: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #58: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #59: 0x0000000101d4529d zsh-5.3.1-dev-0`execshfunc + 525
frame #60: 0x0000000101d4a28c zsh-5.3.1-dev-0`execcmd_exec + 16876
frame #61: 0x0000000101d45ad9 zsh-5.3.1-dev-0`execpline2 + 425
frame #62: 0x0000000101d3edd1 zsh-5.3.1-dev-0`execpline + 945
frame #63: 0x0000000101d3df5e zsh-5.3.1-dev-0`execlist + 1662
frame #64: 0x0000000101d3d8ac zsh-5.3.1-dev-0`execode + 284
frame #65: 0x0000000101d43c2d zsh-5.3.1-dev-0`runshfunc + 509
frame #66: 0x0000000101d43590 zsh-5.3.1-dev-0`doshfunc + 2160
frame #67: 0x000000010206e1c5 zle.so`execzlefunc + 1637
frame #68: 0x000000010206e5ff zle.so`zlecore + 415
frame #69: 0x000000010206ef65 zle.so`zleread + 1845
frame #70: 0x000000010206fdb3 zle.so`zle_main_entry + 739
frame #71: 0x0000000101d6af97 zsh-5.3.1-dev-0`zleentry + 615
frame #72: 0x0000000101d6c72d zsh-5.3.1-dev-0`inputline + 509
frame #73: 0x0000000101d6c325 zsh-5.3.1-dev-0`ingetc + 325
frame #74: 0x0000000101d5e41d zsh-5.3.1-dev-0`ihgetc + 13
frame #75: 0x0000000101d75986 zsh-5.3.1-dev-0`gettok + 38
frame #76: 0x0000000101d756f9 zsh-5.3.1-dev-0`zshlex + 121
frame #77: 0x0000000101d9aeb7 zsh-5.3.1-dev-0`parse_event + 55
frame #78: 0x0000000101d67096 zsh-5.3.1-dev-0`loop + 294
frame #79: 0x0000000101d6b5af zsh-5.3.1-dev-0`zsh_main + 847
frame #80: 0x0000000101d1fa82 zsh-5.3.1-dev-0`main + 34
frame #81: 0x00007fff912e95ad libdyld.dylib`start + 1
frame #82: 0x00007fff912e95ad libdyld.dylib`start + 1
--
Sebastian Gniazdowski
psprint /at/ zdharma.org
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Maxime de Roucy @ 2017-07-04 11:40 UTC (permalink / raw)
To: Sebastian Gniazdowski, zsh-workers
> I have this core dump from 06.05.2017, not sure if it's related, I
> think I attach it here. The segmentation fault happened once.
>
> * thread #1: tid = 0x0000, 0x00000001021032fb
> complist.so`msearch(ptr=0x00007fd97b34d940, ins="M", back=0, rep=0,
> wrapp=0x00007fff5ded95a8) + 315 at complist.c:2312, stop reason =
> signal SIGSTOP
I don't have a detailed coredump like this but I think it's related;
when I debug the problem in gdb the segfault happens exactly at line
2312.
https://sourceforge.net/p/zsh/code/ci/master/tree/Src/Zle/complist.c#l2312
But for my part I experience it a lot (I use the auto-completion menu a lot):
```
max@mde-oxalide % sudo coredumpctl list /usr/bin/zsh | head
TIME PID UID GID SIG COREFILE EXE
Tue 2016-10-18 15:18:05 CEST 8075 1000 100 11 missing /usr/bin/zsh
Thu 2016-10-20 18:33:17 CEST 14850 1000 100 11 missing /usr/bin/zsh
Tue 2016-10-25 14:45:59 CEST 18653 1000 100 11 missing /usr/bin/zsh
Mon 2016-11-28 18:26:56 CET 13915 1000 100 11 missing /usr/bin/zsh
Tue 2016-11-29 19:28:49 CET 3067 1000 100 11 missing /usr/bin/zsh
Wed 2016-11-30 10:25:04 CET 1303 1000 100 11 missing /usr/bin/zsh
Wed 2016-11-30 15:10:46 CET 16278 1000 100 11 missing /usr/bin/zsh
Wed 2016-12-07 18:03:07 CET 32027 1000 100 11 missing /usr/bin/zsh
Fri 2016-12-09 14:29:07 CET 22713 1000 100 11 missing /usr/bin/zsh
max@laptop % sudo coredumpctl -r list /usr/bin/zsh | wc -l
83
```
My coredumps aren't as detailed as yours:
```
max@laptop % sudo coredumpctl dump /usr/bin/zsh
PID: 3148 (zsh)
UID: 1000 (max)
GID: 100 (users)
Signal: 11 (SEGV)
Timestamp: Sun 2017-07-02 15:23:17 CEST (1 day 22h ago)
Command Line: /usr/bin/zsh
Executable: /usr/bin/zsh
Control Group: /user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
Unit: user@1000.service
User Unit: gnome-terminal-server.service
Slice: user-1000.slice
Owner UID: 1000 (max)
Boot ID: bf4c79d72cca4a4786e217e13ea0f31c
Machine ID: 8466a4f6764d4d0b8fb5cb3903d9804c
Hostname: laptop
Storage: /var/lib/systemd/coredump/core.zsh.1000.bf4c79d72cca4a4786e217e13ea0f31c.3148.1499001797000000000000.lz4
Message: Process 3148 (zsh) of user 1000 dumped core.
Stack trace of thread 3148:
#0 0x00007ffff55e3b90 domenuselect (complist.so)
#1 0x000000000045dde9 runhookdef (zsh)
#2 0x00007ffff5e10567 after_complete (complete.so)
#3 0x00007ffff605fc05 docomplete (zle.so)
#4 0x00007ffff605bfd0 completecall (zle.so)
#5 0x00007ffff604b874 execzlefunc (zle.so)
#6 0x00007ffff604bc66 zlecore (zle.so)
#7 0x00007ffff604cb31 zleread (zle.so)
#8 0x0000000000448494 zleentry (zsh)
#9 0x00000000004499e5 ingetc.part.0 (zsh)
#10 0x00000000004417fb ihgetc (zsh)
#11 0x00000000004535b6 zshlex.part.1 (zsh)
#12 0x0000000000473136 parse_event (zsh)
#13 0x0000000000444faf loop (zsh)
#14 0x0000000000448b0e zsh_main (zsh)
#15 0x00007ffff70cd43a __libc_start_main (libc.so.6)
#16 0x000000000041032a _start (zsh)
Refusing to dump core to tty (use shell redirection or specify --output).
```
--
Regards
Maxime de Roucy
* Re: [PATCH] Fix complist menuselect segmentation fault
From: Sebastian Gniazdowski @ 2017-07-04 12:24 UTC (permalink / raw)
To: maxime.deroucy, zsh-workers
On 4 July 2017 at 13:40:16, Maxime de Roucy (maxime.deroucy@gmail.com) wrote:
> But for my part I experience it a lot (I use the auto-completion menu a lot):
Cool that it's found. I experienced it today for the 2nd time, after sending the core dump. It was, like before, a chaotic sequence of actions, so I could never reproduce it – I only know that today I requested a wrong completion from a function (my _zplugin) and was randomly cancelling, so I probably pressed ESC and Ctrl-C a few times.
--
Sebastian Gniazdowski
psprint /at/ zdharma.org
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/