Zsh Mailing List Archive

Re: Complex config triggering Segfault in pattern matching code.

Hello everyone,

So, I ran ZSH for over 48 hours, and it finally crashed. I don't know
if it was the normal crashes I'm seeing because valgrind seems to have
rendered all of my tests useless. (Also, it gobbled up all of my RAM,
so I can't tell if that's why it crashed).

Attached is the STDERR from "valgrind -q --trace-children=yes
--track-origins=yes"

A lot of errors seem to have cropped up.

On Mon, Dec 15, 2014 at 3:39 PM, Bart Schaefer
<schaefer@xxxxxxxxxxxxxxxx> wrote:
> On Dec 15,  1:20pm, Jonathan H wrote:
> }
> } It usually is, but for some reason I can't get it to crash in
> } valgrind.
>
> That'll happen sometimes if the error is related to a signal being
> handled or something like that.  Zsh isn't internally "multi-threaded"
> so the only source of race conditions is signals (including child
> process exits).
>
> } Anyway, here's the STDERR from "valgrind -v -v".
>
> That's probably more detail than is useful -- in fact, just "valgrind -q"
> would probably suffice if you're going to run it for a long time.
>
> } It shows some errors
> } or something so maybe it's still of use. I'll post if I can get it to
> } crash though.
>
> ==7806== 1 errors in context 1 of 2:
> ==7806== Source and destination overlap in strcpy(0x402bd24, 0x402bd51)
> ==7806==    at 0x4C2D766: __GI_strcpy (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==7806==    by 0x488CD0: stringsubst (subst.c:301)
>
> We can fix that one:
>
> diff --git a/Src/subst.c b/Src/subst.c
> index 43932c2..4100803 100644
> --- a/Src/subst.c
> +++ b/Src/subst.c
> @@ -298,7 +298,7 @@ stringsubst(LinkList list, LinkNode node, int pf_flags, int asssub)
>             if (endchar == Outpar)
>                 str2--;
>             if (!(s = (char *) ugetnode(pl))) {
> -               str = strcpy(str2, str);
> +               str = (char *)memmove(str2, str, strlen(str)+1);
>                 continue;
>             }
>             if (!qt && (pf_flags & PREFORK_SINGLE) && isset(GLOBSUBST))
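Review bot: the replaced line deserves a one-line comment saying why memmove is used here, since the surrounding code otherwise reads like an ordinary strcpy and a later cleanup could silently reintroduce the bug; the valgrind report above shows destination 0x402bd24 below source 0x402bd51, so the regions overlap and strcpy's behaviour is undefined even when it appears to work on a given libc. The fix itself is sound: strlen(str)+1 carries the terminating NUL, so the result equals the intended copy. Minor style point: the `(char *)` cast on memmove's return is unnecessary in C, as void * converts implicitly; `str = memmove(str2, str, strlen(str) + 1);` is enough.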
>
>
> ==7806== 2 errors in context 2 of 2:
> ==7806== Conditional jump or move depends on uninitialised value(s)
> ==7806==    at 0x65A79E7: execzlefunc (zle_main.c:1360)
> ==7806==    by 0x65B8B2C: bin_zle_call (zle_thingy.c:711)
>
> I have no idea what to do with that one; that line is:
>
>         Shfunc shf = (Shfunc) shfunctab->getnode(shfunctab, w->u.fnnam);
>
>

Attachment: zsh_valgrind2.log
Description: Binary data
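As an added illustration of the fix discussed in the quoted patch (example code, not zsh's own): when a substitution expands to nothing, the remainder of the word is moved down to where the substitution began, so source and destination live in the same buffer and overlap. The helper below models that in-place left shift with memmove and strlen(src)+1, as the patched line does, and generalises it to removing an arbitrary substring; the sample word and the pattern "$(:)" are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Shift the tail of a string left so that it starts at dst, which lies
 * inside the same buffer before src. The two regions overlap, so strcpy()
 * would be undefined behaviour; memmove() is specified for overlapping
 * copies, and strlen(src)+1 carries the terminating NUL along. Returns dst,
 * mirroring the patched `str = memmove(str2, str, strlen(str)+1)` line. */
static char *shift_tail_left(char *dst, const char *src)
{
    return memmove(dst, src, strlen(src) + 1);
}

/* Remove the first occurrence of pat from buf in place (the general form of
 * dropping an empty substitution out of a word). Returns 1 if a match was
 * removed, 0 if pat is empty or absent. */
static int remove_first(char *buf, const char *pat)
{
    char *hit;
    if (!*pat)
        return 0;
    hit = strstr(buf, pat);
    if (!hit)
        return 0;
    shift_tail_left(hit, hit + strlen(pat));
    return 1;
}

int main(void)
{
    /* Constructed sample word containing a substitution that expands to nothing. */
    char word[] = "foo$(:)bar";
    remove_first(word, "$(:)");
    printf("%s\n", word); /* prints "foobar" */
    return 0;
}
```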


