Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: 3.1.6-bart-8: BUG: bad node type in freenode() [and others]



Bart Schaefer wrote:

> I've just spent the last hour trying to narrow this down, without much
> success.  It appears to have something to do with executing the trap at
> function exit that is defined by
> 
> 	trap "$r ; trap - 0 2 3 15 ZERR ; return 1" 0 2 3 15 ZERR
> 
> but there must be something else involved because I can't reproduce it
> with a function that has only such a trap.
> 
> This is confounded by the fact that using "shift" during a "while getopts"
> loop appears to cause some sort of confusion; maybe the two together are
> what triggers the bug, or maybe it has something to do with "compctl -T",
> which is also used in the attached sample function.

As far as I can see this is caused by dosavetrap() storing the pointer 
to the trap code in its savetrap struct and then calling unsettrap()
(which calls freestruct()). Later the saved pointer is re-installed
and even later it is freed again. Boom.

I'm not entirely sure that the patch below is the right thing to do
(I'm never really sure about that part of the code). But this gives me 
the opportunity to mention something else from my list which I wanted
to ask Peter about:

Some time ago Clint Adams wrote (in 8457):

> % TRAPEXIT() { print boom }
> % exit
> boom
> zsh: 8101 segmentation fault (core dumped)  zsh -f
> 
> 
> Reversing the removehashnode hunk in 7349 fixes this,
> but of course the TRAPQUIT example now segfaults.
> 
> What to do?

I answered this with (in 8473):

> The problem occurred as soon as a function was called...
> 
> The problem was that `dosavetrap()' when called from `starttrapscope()' 
> removed the definition for `TRAPEXIT()' but didn't reset the entry for 
> it in `sigtrapped[]'. In `endtrapscope()' we tested `sigtrapped[SIGEXIT]' 
> which was still `!= 0' even though we had removed the handler function. 
> Then we tried to get the function definition, got a NULL pointer and
> later tried to execute that. Bang.
> 
> 
> This patch resets the `sigtrapped[]' entry in `dosavetrap()'. I'm not
> sure if this is enough, maybe we have to execute some code from
> `unsettrap()' there, too. So I think the final solution has to wait
> until Peter reappears.

So... Peter?

Bye
 Sven

P.S.: Hello Peter, welcome back.

diff -u oldsrc/signals.c Src/signals.c
--- oldsrc/signals.c	Mon Nov 22 10:49:26 1999
+++ Src/signals.c	Mon Nov 22 12:44:36 1999
@@ -666,6 +666,7 @@
 	st->list = removehashnode(shfunctab, func);
     } else {
 	st->list = sigfuncs[sig];
+	sigfuncs[sig] = NULL;
 	unsettrap(sig);
     }
     sigtrapped[sig] = 0;
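
Review bot: the added `sigfuncs[sig] = NULL;` in the else branch has no comment saying why the slot is cleared before `unsettrap(sig)`. The reason is that ownership of the list has just moved to `st->list`, and a one-line comment to that effect would stop the assignment being removed later as redundant. Since `unsettrap()` is not visible in this hunk, it is also worth confirming that it tolerates a NULL `sigfuncs[sig]` and still performs the rest of its cleanup for `sig`, because it is now always called with the slot already empty.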

--
Sven Wischnowsky                         wischnow@xxxxxxxxxxxxxxxxxxxxxxx
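
The save, unset, restore sequence described in the message, as an added example that is not part of the original post and not zsh source. All names are hypothetical stand-ins, and `release()` counts calls instead of calling `free()` so the second release is observable without undefined behaviour:

```c
/* Constructed model of the save/unset/restore sequence; all names are
 * hypothetical stand-ins, not zsh's source. */
#include <stdio.h>
#include <stddef.h>

struct code { int frees; };            /* stand-in for a trap's code; counts releases */
struct saved { int idx; struct code *list; };

static struct code *slots[4];          /* plays the role of sigfuncs[] */

/* Stand-in for freestruct(): records the release instead of calling free(),
 * so a second release is observable without undefined behaviour. */
static void release(struct code *c) { if (c) c->frees++; }

/* Plays the role of unsettrap(): drops whatever the slot still owns. */
static void unset_slot(int i) { release(slots[i]); slots[i] = NULL; }

/* Pre-patch order: the pointer is copied, then the slot's owner releases it. */
static void save_buggy(struct saved *st, int i) {
    st->idx = i;
    st->list = slots[i];
    unset_slot(i);
}

/* Patched order: the slot is cleared first, so the saved copy is the sole owner. */
static void save_fixed(struct saved *st, int i) {
    st->idx = i;
    st->list = slots[i];
    slots[i] = NULL;
    unset_slot(i);
}

static void restore(struct saved *st) { slots[st->idx] = st->list; st->list = NULL; }

/* Save, restore, then remove the trap for good; returns the release count. */
static int lifecycle(void (*save)(struct saved *, int)) {
    struct code c = { 0 };
    struct saved st;
    slots[1] = &c;
    save(&st, 1);
    restore(&st);
    unset_slot(1);
    return c.frees;
}

int main(void) {
    printf("buggy: %d releases, fixed: %d releases\n",
           lifecycle(save_buggy), lifecycle(save_fixed));
    return 0;
}
```

A count of 2 in the pre-patch order means the restored pointer was already released once before it was re-installed, which is the reuse followed by a second free that the message describes.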


