Re: core dump with completion

[Sven Wischnowsky <wischnow@xxxxxxxxxxxxxxxxxxxxxxx>]

Tanaka Akira wrote:

> In article <200001261009.LAA16179@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
>   Sven Wischnowsky <wischnow@xxxxxxxxxxxxxxxxxxxxxxx> writes:
> 
> > But I can't repeat the bug. Tanaka, can you try it using --enable-zsh-mem,
> > --enable-secure-free and --enable-mem-warining? That may (or may not)
> > give us more information where it is actually failing. Also: does it
> > use mmap for heaps on Solaris 7?
> 
> zsh built with 
>   ./configure --prefix=/space/akr/zsh/tmp --enable-zsh-debug --enable-zsh-mem-debug --enable-zsh-mem --enable-secure-free --enable-mem-warining
> doesn't dump core.  It seems to work well.
> 
> Since `egrep 'HAVE_SYS_MMAN_H|HAVE_MMAP|HAVE_MUNMAP' config.h' says
> follows, mmap is used, maybe.
> 
> #define HAVE_MMAP 1
> #define HAVE_MUNMAP 1
> #define HAVE_SYS_MMAN_H 1
> 
> Also note that I found zsh patched upto 9419 doesn't have the problem.
> So I suspect the problem is related to 9421.

That was a hint... I still couldn't reproduce it (of course, that
would have been too easy, sigh), but I found a place where freed
memory was accessed. So, if the allocator somehow re-uses the
memory...

The last hunk makes zsh use heap memory when listing the completions,
Tanaka, could you please try it without that hunk? To see if the other
stuff fixes the bug.

Bye
 Sven

diff -ru ../z.old/Src/Zle/complete.c Src/Zle/complete.c
--- ../z.old/Src/Zle/complete.c	Fri Jan 28 14:08:53 2000
+++ Src/Zle/complete.c	Fri Jan 28 14:45:44 2000
@@ -1026,7 +1026,7 @@
 
     comprpms[CPN_COMPSTATE] = cpm;
     tht = paramtab;
-    cpm->level = locallevel;
+    cpm->level = locallevel + 1;
     cpm->gets.hfn = get_compstate;
     cpm->sets.hfn = set_compstate;
     cpm->unsetfn = compunsetfn;
@@ -1146,8 +1146,24 @@
 	    }
 	}
     } else if (PM_TYPE(pm->flags) == PM_HASHED) {
+	Param *p;
+	int i;
+
 	deletehashtable(pm->u.hash);
 	pm->u.hash = NULL;
+
+	for (p = compkpms, i = CP_KEYPARAMS; i--; p++)
+	    *p = NULL;
+    }
+    if (!exp) {
+	Param *p;
+	int i;
+
+	for (p = comprpms, i = CP_REALPARAMS; i; p++, i--)
+	    if (*p == pm) {
+		*p = NULL;
+		break;
+	    }
     }
 }
 
@@ -1159,18 +1175,22 @@
 
     if (comprpms && (rset >= 0 || runset >= 0)) {
 	for (p = comprpms; rset || runset; rset >>= 1, runset >>= 1, p++) {
-	    if (rset & 1)
-		(*p)->flags &= ~PM_UNSET;
-	    if (runset & 1)
-		(*p)->flags |= PM_UNSET;
+	    if (*p) {
+		if (rset & 1)
+		    (*p)->flags &= ~PM_UNSET;
+		if (runset & 1)
+		    (*p)->flags |= PM_UNSET;
+	    }
 	}
     }
-    if (comprpms && (kset >= 0 || kunset >= 0)) {
+    if (compkpms && (kset >= 0 || kunset >= 0)) {
 	for (p = compkpms; kset || kunset; kset >>= 1, kunset >>= 1, p++) {
-	    if (kset & 1)
-		(*p)->flags &= ~PM_UNSET;
-	    if (kunset & 1)
-		(*p)->flags |= PM_UNSET;
+	    if (*p) {
+		if (kset & 1)
+		    (*p)->flags &= ~PM_UNSET;
+		if (kunset & 1)
+		    (*p)->flags |= PM_UNSET;
+	    }
 	}
     }
 }
diff -ru ../z.old/Src/Zle/compresult.c Src/Zle/compresult.c
--- ../z.old/Src/Zle/compresult.c	Fri Jan 28 14:08:54 2000
+++ Src/Zle/compresult.c	Fri Jan 28 14:50:19 2000
@@ -1828,19 +1828,24 @@
 list_matches(Hookdef dummy, void *dummy2)
 {
     struct chdata dat;
+    int ret;
 
+    HEAPALLOC {
 #ifdef DEBUG
-    /* Sanity check */
-    if (!validlist) {
-	showmsg("BUG: listmatches called with bogus list");
-	return 1;
-    }
+	/* Sanity check */
+	if (!validlist) {
+	    showmsg("BUG: listmatches called with bogus list");
+	    return 1;
+	}
 #endif
 
-    dat.matches = amatches;
-    dat.num = nmatches;
-    dat.cur = NULL;
-    return runhookdef(COMPLISTMATCHESHOOK, (void *) &dat);
+	dat.matches = amatches;
+	dat.num = nmatches;
+	dat.cur = NULL;
+	ret = runhookdef(COMPLISTMATCHESHOOK, (void *) &dat);
+    } LASTALLOC;
+
+    return ret;
 }
 
 /* Invalidate the completion list. */

--
Sven Wischnowsky                         wischnow@xxxxxxxxxxxxxxxxxxxxxxx