Zsh Mailing List Archive

[BUG] Solaris-specific program flow corruption after subshell error exit



Modernish (cross-platform POSIX shell library with ambitions to become
modernizr/jQuery for the shell) is finally getting near a first testing
release, so I'm doing testing on all shell/OS combinations I can get my
hands on.

In the course of that testing I've come across a zsh bug that *only*
manifests on Solaris, at least version 11.3. (A free VirtualBox VM for
evaluation purposes is available from Oracle.)

If a subshell exits due to an error in a special builtin or redirection,
execution flow is corrupted in such a manner that, when end of file is
reached without an explicit 'return' or 'exit' being encountered,
execution of the file does not end but restarts at the point exactly
after the subshell was exited. The second time around, if program
specifics allow it, execution ends normally.

The bug only manifests if POSIXBUILTINS is active, and only on Solaris.
I confirmed the bug on zsh 5.0.7 (as shipped by default), zsh 5.2
(package available from Oracle), *and* today's current git version
(compiled myself, obviously). So it appears to be long-standing.

Test script:

# Bug only occurs with POSIXBUILTINS active.
setopt POSIXBUILTINS
# Execution counter.
count=0
# Exiting from a subshell due to an error triggers the bug.
(set -o nonexistent_@_option) 2>/dev/null
# With the bug, this will be executed twice so 'let' returns true.
let "(count += 1) > 1" && echo "BUG DETECTED"
# EOF. To trigger the bug, don't explicitly exit or return.

Save and run with "zsh test.zsh". On Solaris, it outputs "BUG DETECTED".
On any other OS, it outputs nothing.

Interestingly, a sourced dot script will trigger the bug just as cleanly
as a standalone script, so it is possible to test for the bug from
another program without affecting that program.

Actually, things get *really* interesting if you add "return" to the end
of the test script and source it from another script as a dot script. In
that case, the bug appears to "move up" in the calling hierarchy; that
is, if the file sourcing this test script (with the extra "return") ends
execution due to end of file (i.e. no "return" or "exit"), its execution
resumes to just after the command that sourced this file.

(This is how I initially encountered the bug: when I tried 'modernish
--test', zsh 5.0.7 on Solaris would mysteriously try to run the test
suite twice. Which was "interesting" to track down, to say the least.)

Good luck with this one. Let me know if you need me to do anything
specific to help track it down.

- M.
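
As an added example (not part of the original message, and not code from modernish or zsh): a POSIX sh function that runs the test script above in a separate zsh process and reports the outcome as an exit status, so a test suite can check a given zsh binary for the bug without exposing its own control flow to it. The function name, the variable names and the return-code convention are assumptions of this example.

```shell
# Added example: probe a zsh binary for the bug described in the message.
# Usage: probe_zsh_restart_bug [ZSH_BINARY]   (function name is hypothetical)
# Returns 0 = bug not seen, 1 = bug detected, 2 = probe could not be run.
probe_zsh_restart_bug() {
    _zp_bin=${1:-zsh}
    command -v "$_zp_bin" >/dev/null 2>&1 || return 2
    _zp_file=$(mktemp "${TMPDIR:-/tmp}/zshprobe.XXXXXX") || return 2

    # The test script from the message. It must end at EOF with no
    # explicit 'exit' or 'return', or the bug does not show.
    cat >"$_zp_file" <<'EOF'
setopt POSIXBUILTINS
count=0
(set -o nonexistent_@_option) 2>/dev/null
let "(count += 1) > 1" && echo "BUG DETECTED"
EOF

    # Run it in its own process ("zsh test.zsh"), so a corrupted execution
    # flow cannot reach the caller. The script's exit status is ignored:
    # on an unaffected zsh the final 'let' is false and the status is 1.
    _zp_out=$("$_zp_bin" "$_zp_file" 2>/dev/null) || :
    rm -f "$_zp_file"

    case $_zp_out in
        *"BUG DETECTED"*) return 1 ;;
        *) return 0 ;;
    esac
}
```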


