Zsh Mailing List Archive

Re: Probabilistic crash on zsh 5.9 on x86_64



> On 13/04/2023 17:40 Jun. T <takimoto-j@xxxxxxxxxxxxxxxxx> wrote:
> 
>  
> > On 2023/04/13 23:03, Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx> wrote:
> > 
> > Have a look at this --- it simply marks the prog in the shell function as
> > in use earlier and unmarks it later, so the shenanigans within to do
> > with traps all come out in the wash.  So, in theory, there's not much
> > to go wrong.  But let me know...
> 
> > +    marked_prog = shfunc->funcdef;
> > +    useeprog(marked_prog);
> (snip)
> > +    freeeprog(marked_prog);
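
Review bot: The reference taken by `useeprog(marked_prog)` pins only the prog that `shfunc->funcdef` pointed to, not the `shfunc` structure it was read from, so any read of `shfunc` in the snipped region before `freeeprog(marked_prog)` stays unprotected if the function is removed in between. Copy the fields needed from `shfunc` into locals next to `marked_prog`, or keep the function entry itself alive for the same span, and confirm that every exit path in the snipped region reaches `freeeprog(marked_prog)` so the mark is always dropped.
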
> 
> Even with this, shfunc is still freed, although shfunc->funcdef is not freed.
> But doshfunc() continues to use shfunc, at lines 5854, 5954, 5957, etc.
> If it doesn't crash, it means the freed memory is not yet used by others.
> But I think this is unsafe, and valgrind gives lots of warnings.

OK, so the starttrapscope() just above that point is pulling the rug out
from under the function's feet.  We've looked up the TRAPEXIT function and
now that function's just been undefined.

So some better save / restore for the shell function is probably needed.

pws
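
The lifetime gap discussed in this thread, as an added example that is not part of the original messages and is not zsh code: a toy model in which pinning a function's body keeps the body valid while the function entry itself is released. All names (`struct func`, `prog_use`, `func_undefine`, and so on) are hypothetical, and static slots with flags stand in for `malloc`/`free` so the released state can be inspected without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of the lifetime problem; every name is hypothetical, not zsh's. */
struct prog { int nref; int freed; };
struct func { char name[16]; struct prog *body; int live; };
/* Static slots instead of malloc/free so "freed" state can be read safely. */
static struct prog the_prog;
static struct func the_func;
static void prog_use(struct prog *p) { p->nref++; }
static void prog_release(struct prog *p) { if (--p->nref == 0) p->freed = 1; }
static struct func *func_define(const char *name) {
    the_prog = (struct prog){ .nref = 1, .freed = 0 };
    the_func.body = &the_prog;
    the_func.live = 1;
    snprintf(the_func.name, sizeof the_func.name, "%s", name);
    return &the_func;
}

/* Stand-in for the function being undefined when a new trap scope starts. */
static void func_undefine(struct func *f) {
    prog_release(f->body);   /* drops the function's own reference */
    f->body = NULL;
    f->live = 0;             /* models free(f): f must not be read after this */
}

/* Pin only the body. Bit 0: body still valid; bit 1: func struct still valid. */
static int run_pinning_body_only(void) {
    struct func *f = func_define("TRAPEXIT");
    struct prog *marked = f->body;
    prog_use(marked);
    func_undefine(f);
    int state = (marked->freed ? 0 : 1) | (the_func.live ? 2 : 0);
    prog_release(marked);
    return state;            /* 1: the body survived, the struct did not */
}

/* Also save the field needed later, so nothing reads f after the undefine. */
static int run_with_saved_name(char *out, size_t n) {
    struct func *f = func_define("TRAPEXIT");
    struct prog *marked = f->body;
    char saved[sizeof f->name];
    prog_use(marked);
    memcpy(saved, f->name, sizeof saved);
    func_undefine(f);
    snprintf(out, n, "%s", saved);
    int body_ok = !marked->freed;
    prog_release(marked);
    return body_ok && the_prog.freed;  /* valid while pinned, released after */
}
```

Saving the name is only one way to model the "save / restore" idea; the thread does not say which fields or mechanism the eventual fix uses.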



