Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: A weird bug

X-seq: zsh-workers 9999
From: "Bart Schaefer" <schaefer@xxxxxxxxxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxxxxxxxxxx
Subject: Re: A weird bug
Date: Tue, 7 Mar 2000 05:53:10 +0000
In-reply-to: <mvb66v0f01l.fsf@xxxxxxxxxxxxxxxxxxxx>
Mailing-list: contact zsh-workers-help@xxxxxxxxxxxxxx; run by ezmlm
References: <mvb66v0f01l.fsf@xxxxxxxxxxxxxxxxxxxx>

On Mar 6,  7:03pm, Alexandre Duret-Lutz wrote:
} Subject: A weird bug
}
} phobos% zcompile foo file.bug
} zsh: segmentation fault (core dumped)  zsh -f

This looks to be a parser bug, not a compilation bug.  Try

    fpath=($PWD)
    autoload +X file.bug

and you'll get the same crash.  The problem is that ecadd() is running
over the end of ecbuf[], apparently because of an off-by-one error in
the value of ecfree.  But there are so many places in parse.c where
ecused is modified (usually decremented, but incremented in ecispace())
without also modifying ecfree that I'm not sure what the relationship
between the two is supposed to be.

I discovered this by setting watchpoints in gdb.  I attempted to use
ElectricFence, but it's nearly useless for zsh because of the heap; it
can't see overruns that are inside the large heap spaces that zsh pre-
allocates.

-- 
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

References:
- A weird bug
  - From: Alexandre Duret-Lutz

Messages sorted by: Reverse Date, Date, Thread, Author