Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Certain pattern causing shell to crash



Hi,

Sourcing following function in a clean shell (zsh -f) followed by which
or tab completion is causing shell to segfault

=================
view () {
        if [[ -z $1 ]]
        then
                ranger ~/Documents
        elif [[ $1 =~ ^http:* ]]
        then
url=${1#*=} dest="$HOME/Documents/${1##*/}" wget -c --content-disposition -O - -q $url > $dest
                detach mupdf -r 143 $dest
        else
                detach mupdf -r 143 "$@"
        fi
}
======================================

After sourcing this function, something like view <tab><tab> or which
view is crashing the shell. Surprisingly, view xyz.pdf is not crashing
the shell.

The pattern causing the crash is '=~'. To reproduce, it should be run
non-interactively and with arguments (atleast this is how I was able to
do)

Also, this can be reproduced on latest zsh git.

Also I am attaching the full backtrace from the core file.


-----------------
[New Thread 14706]
Core was generated by `zsh -f'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f35abeb75b2 in strlen () from /lib/libc.so.6

Thread 1 (Thread 14706):
#0  0x00007f35abeb75b2 in strlen () from /lib/libc.so.6
No symbol table info available.
#1  0x0000000000498214 in taddstr (s=0x25f1e4dd <Address 0x25f1e4dd out of bounds>) at text.c:115
        sl = 0
        c = -106 '\226'
#2  0x0000000000498380 in taddlist (state=0x7fffd39791f0, num=66) at text.c:141
No locals.
#3  0x0000000000498d59 in gettext2 (state=0x7fffd39791f0) at text.c:460
        p = 0x71c79c
        end = 0xde3a10
        s = 0x0
        n = 0x74e300
        stack = 0
        code = 56857514
#4  0x00000000004984d8 in getpermtext (prog=0x6e9988, c=0x71c738, start_indent=1) at text.c:192
        s = {prog = 0x6e9988, pc = 0x71c84c, strs = 0x71c844 "ranger"}
#5  0x000000000043ebb4 in printshfuncnode (hn=0x6e9950, printflags=32) at hashtable.c:923
        f = 0x6e9950
        t = 0x0
#6  0x000000000041ce06 in bin_whence (nam=0x7f35acccb8a0 "which", argv=0x7fffd39794b0, ops=0x7fffd39794e0, func=0) at builtin.c:3181
        suf = 0x0
        hn = 0x6e9950
        pprog = 0x0
        returnval = 0
        printflags = 32
        aliasflags = 32
        csh = 1
        all = 0
        v = 0
        wd = 0
        informed = 0
        cnam = 0x400000000 <Address 0x400000000 out of bounds>
#7  0x00000000004109ce in execbuiltin (args=0x7f35acccb858, bn=0x6c4a80) at builtin.c:450
        argarr = 0x7fffd39794b0
        argv = 0x7fffd39794b0
        pp = 0x4a7b7e ""
        name = 0x7f35acccb8a0 "which"
        optstr = 0x4a7b77 "ampsw"
        flags = 8
        sense = 0
        argc = 1
        execop = -745040496
        xtr = 0
        ops = {ind = '\000' <repeats 99 times>, "\001", '\000' <repeats 27 times>, args = 0x0, argscount = 0, argsalloc = 0}
#8  0x0000000000430ed0 in execcmd (state=0x7fffd3979d00, input=0, output=0, how=18, last1=2) at exec.c:3173
        restorelist = 0x0
        removelist = 0x0
        hn = 0x6c4a80
        args = 0x7f35acccb858
        node = 0x7f35acccb7b0
        fn = 0x0
        mfds = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
        text = 0x6d1d60 "which view"
        save = {-2, -2, -2, -2, -2, -2, -2, -2, -2, -2}
        fil = 0
        dfil = 4818371
        is_cursh = 1
        type = 6
        do_exec = 0
        i = 10
        htok = 0
        nullexec = 0
        assign = 0
        forked = 0
        is_shfunc = 0
        is_builtin = 1
        is_exec = 0
        use_defpath = 0
        cflags = 0
        checked = 1
        oautocont = -1
        redir = 0x0
        code = 70
        beg = 0x7f35acccb7f4
        varspc = 0x0
        oxtrerr = 0x7f35ac192880
        newxtrerr = 0x0
#9  0x000000000042c6ea in execpline2 (state=0x7fffd3979d00, pcode=451, how=18, input=0, output=0, last1=0) at exec.c:1632
        pid = 0
        pipes = {-745039200, 32767}
#10 0x000000000042b83b in execpline (state=0x7fffd3979d00, slcode=4098, how=18, last1=0) at exec.c:1416
        ipipe = {0, 0}
        opipe = {0, 0}
        pj = 0
        newjob = 1
        old_simple_pline = 0
        slflags = 0
        code = 451
        lastwj = 0
        lpforked = 0
#11 0x000000000042aeed in execlist (state=0x7fffd3979d00, dont_change_job=0, exiting=0) at exec.c:1199
        donedebug = 0
        donetrap = 0
        next = 0x7f35acccb800
        code = 4098
        ret = 32565
        cj = 0
        csp = 0
        ltype = 18
        old_pline_level = 0
        old_list_pipe = 0
        oldlineno = 7
        oldnoerrexit = 0
#12 0x000000000042a95f in execode (p=0x7f35acccb7b0, dont_change_job=0, exiting=0, context=0x4ac377 "toplevel") at exec.c:1020
        s = {prog = 0x7f35acccb7b0, pc = 0x7f35acccb800, strs = 0x7f35acccb804 "which"}
        zsh_eval_context_len = 16
        alen = 0
#13 0x000000000044809c in loop (toplevel=1, justonce=0) at init.c:185
        toksav = 1
        prog = 0x7f35acccb7b0
        err = 0
        non_empty = 1
#14 0x000000000044b22a in zsh_main (argc=2, argv=0x7fffd3979ee8) at init.c:1508
        t = 0x7fffd3979ef8
        runscript = 0x0
        t0 = 158
#15 0x000000000040fed4 in main (argc=2, argv=0x7fffd3979ee8) at ./main.c:93
No locals.


Messages sorted by: Reverse Date, Date, Thread, Author