Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: [BUG] Crash due to malloc call in signal handler

X-seq: zsh-workers 45012
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: <zsh-workers@xxxxxxx>
Subject: Re: [BUG] Crash due to malloc call in signal handler
Date: Fri, 13 Dec 2019 09:40:01 +0000
Cms-type: 201P
Dkim-filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20191213094003euoutp02abe54dc720972e8cbcf46c86db85b3e0~f5NY1BWTe0284802848euoutp02B
In-reply-to: <2022943386.989309814.1576175339554.JavaMail.root@zimbra62-e11.priv.proxad.net>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CGME20191212182957epcas5p48645aa560e781ac1c34f00662a6d6176@epcas5p4.samsung.com> <2022943386.989309814.1576175339554.JavaMail.root@zimbra62-e11.priv.proxad.net>

On Thu, 2019-12-12 at 19:28 +0100, Antoine C. wrote:
> Hello,
> 
> I finally found the cause of the frequent crashes I reported one
> year ago ( https://protect2.fireeye.com/url?k=605d4b55-3d89f611-605cc01a-0cc47a31381a-5ceba38dc2a22d2c&u=https://www.zsh.org/mla/workers/2019/msg00059.html ).
> 
> This is due to malloc calls from signal handler, for instance:
> 
> #0  tcache_get (tc_idx=17) at malloc.c:2943
> #1  __GI___libc_malloc (bytes=296) at malloc.c:3050
> #2  0x000055c2217b27b5 in malloc (size=8) at ./main.c:255
> #3  0x000055c2218166f9 in zalloc (size=8) at mem.c:966
> #4  0x000055c221806da2 in addbgstatus (pid=11959, status=0) at jobs.c:2192
> #5  0x000055c2218478e7 in wait_for_processes () at signals.c:583
> #6  0x000055c221847cdc in zhandler (sig=17) at signals.c:648
> #7  <signal handler called>
> #8  0x00007f8895b69209 in __GI___sigsuspend (set=0x7ffe759b7160) at ../sysdeps/unix/sysv/linux/sigsuspend.c:26
> #9  0x000055c221847376 in signal_suspend (sig=17, wait_cmd=1) at signals.c:393
> #10 0x000055c2218054e8 in waitforpid (pid=11953, wait_cmd=1) at jobs.c:1551
> #11 0x000055c221807a10 in bin_fg (name=0x7f8896af4798 "wait", argv=0x7f8896af4830, ops=0x7ffe759b75c0, func=4) at jobs.c:2371

The main shell is suspended, waiting for a child to finish, so the fact
it's in the signal handler isn't saying anything.

From the look of it, some memory corruption must already have occurred
at this point to get the malloc to fail.

pws

Follow-Ups:
- Re: [BUG] Crash due to malloc call in signal handler
  - From: Roman Perepelitsa

References:
- [BUG] Crash due to malloc call in signal handler
  - From: Antoine C.

Messages sorted by: Reverse Date, Date, Thread, Author