Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Complicated segfault regression



On Jul 2, 11:36pm, Martijn Dekker wrote:
}
} The following code block makes zsh 5.0.8 and current git zsh segfault
} reliably. It's now completely non-operational because I've tried to
} reduce it to the minimum necessary to make zsh crash.

So I tried executing this code from the shell prompt instead of as a
script, with debugging output enabled.  Following the "fi" I get:

Src/text.c:970: unknown word code in gettext2()

If I'm in GDB, I then immediately get a segfault on the following ":"
command.  I don't expect this stack trace is much help because the
problem has already happened during parsing the preceding block, but:

#0  0x008f228b in strlen () from /lib/tls/libc.so.6
#1  0x080c5df4 in taddstr (s=0xd5f29f7a <Address 0xd5f29f7a out of bounds>)
    at ../../zsh-5.0/Src/text.c:125
#2  0x080c5ff4 in taddassign (code=1600348549, state=0xbfe831d0, typeset=0)
    at ../../zsh-5.0/Src/text.c:181
#3  0x080c69a6 in gettext2 (state=0xbfe831d0) at ../../zsh-5.0/Src/text.c:484
#4  0x080c63d4 in getjobtext (prog=0xb7d945d8, c=0xb7d9460c)
    at ../../zsh-5.0/Src/text.c:314

If NOT in GDB, I don't get a crash, instead I get an infinite loop printing

Src/text.c:49: attempting to decrement tindent below zero


I can remove the "if" test and have only the "for ... case" and still
get this:

Src/text.c:970: unknown word code in gettext2()

And if I add the opening parens to the case patterns, I get an infinite
loop in gettext2() [never breaks out of the while(1) loop at line 396].

(s = tstack) is always true at 398; s->pop is always false at 400;
wc_code(code) is always WC_END passing through line 967 which sets
stack = 1 and we repeat at line 397 forever.

So this has to have something to do with the updated parsing of (x|y)
expressions in cond statements.


