Zsh Mailing List Archive
Re: Bug#251378: zsh: segfaults when globing includes too many files
- X-seq: zsh-workers 20134
- From: Clint Adams <schizo@xxxxxxxxxx>
- To: zsh-workers@xxxxxxxxxx
- Subject: Re: Bug#251378: zsh: segfaults when globing includes too many files
- Date: Tue, 6 Jul 2004 14:59:26 -0400
- Cc: Matt Zimmerman <mdz@xxxxxxxxxx>, 251378-forwarded@xxxxxxxxxxxxxxx, 251378-submitter@xxxxxxxxxx
- In-reply-to: <20040706184752.GC1881@xxxxxxxxx>
- Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
- References: <20040528125647.GA21000@xxxxxxxxxxx> <20040528131425.GC2289@xxxxxxxxxx> <20040528135026.GA21637@xxxxxxxxxxx> <20040528135729.GD2289@xxxxxxxxxx> <20040528141431.GA30024@xxxxxxxxxxx> <20040528142505.GE2289@xxxxxxxxxx> <20040528174021.GA5975@xxxxxxxxxxx> <20040528190653.GA2661@xxxxxxxxxx> <20040706181235.GA32727@xxxxxxxxxxx> <20040706184752.GC1881@xxxxxxxxx>
I can't reproduce this myself yet, but some people are experiencing segfaults
when globbing in /usr/share/doc. The zsh 4.2.0 source that produced the
backtrace below includes 19920. I think this also happens with HEAD.
> Starting program: /tmp/zsh-4.2.0/obj/Src/zsh
> Detaching after fork from child process 20721.
> Detaching after fork from child process 20722.
> Detaching after fork from child process 20727.
> mizar% pwd
> /usr/share/doc
> mizar% echo */NEWS.Debian.gz
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x08083bf5 in zhalloc (size=24) at ../../Src/mem.c:353
> 353 ? fheap : heaps);
> (gdb) bt full
> #0 0x08083bf5 in zhalloc (size=24) at ../../Src/mem.c:353
> h = 0x0
> n = 134760347
> #1 0x0809e1e3 in dyncat (s1=0x80f8c68 "libxaw7/",
> s2=0x4033b284 "NEWS.Debian.gz") at ../../Src/string.c:100
> #2 0x080697ac in insert (s=0x4033b284 "NEWS.Debian.gz", checked=0)
> at ../../Src/glob.c:354
> mode = 0
> buf = {st_dev = 18446743983515238399, __pad1 = 0, __st_ino = 0,
> st_mode = 0, st_nlink = 0, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0,
> st_size = 580668550020314216, st_blksize = 135197432,
> st_blocks = 578791539786904216, st_atim = {tv_sec = 0, tv_nsec = 16773484},
> st_mtim = {tv_sec = 1074462924, tv_nsec = -1073745600}, st_ctim = {
> tv_sec = 1073773132, tv_nsec = 1074516176}, st_ino = 134548048}
> buf2 = {st_dev = 18446744070491746320, __pad1 = 61560,
> __st_ino = 134757276, st_mode = 0, st_nlink = 32768, st_uid = 3,
> st_gid = 34, st_rdev = 4294967295, __pad2 = 0,
> st_size = 4626375562493952255, st_blksize = 1077162000,
> st_blocks = 578789229094498904, st_atim = {tv_sec = 1077161984,
> tv_nsec = 16384}, st_mtim = {tv_sec = 15704, tv_nsec = 0}, st_ctim = {
> tv_sec = 0, tv_nsec = 180}, st_ino = 544426120}
> bp = (struct stat *) 0x40343000
> news = 0x4033b284 "NEWS.Debian.gz"
> statted = 1
> #3 0x08069bae in scanner (q=0x4033b298) at ../../Src/glob.c:514
> err = 23
> str = 0x4033b284 "NEWS.Debian.gz"
> l = -16777216
> p = 0x4033b260
> closure = 0
> pbcwdsav = 0
> errssofar = 0
> ds = {dirfd = -1, level = -1, dirname = 0x0, dev = 0, ino = 0}
> #4 0x08069f63 in scanner (q=0x4033b250) at ../../Src/glob.c:615
> oppos = 0
> fn = 0x40347037 "libart2"
> dirs = 1
> lock = (DIR *) 0x80f9c70
> subdirs = 0x40347010 "libxft2"
> subdirlen = 27779
> p = 0x4033b220
> closure = 0
> pbcwdsav = 0
> errssofar = 0
> ds = {dirfd = -1, level = -1, dirname = 0x0, dev = 0, ino = 0}
> #5 0x0806b1e4 in zglob (list=0x4033b1c8, np=0x4033b250, nountok=0)
> at ../../Src/glob.c:1575
> qfirst = (struct qual *) 0x17
> qlast = (struct qual *) 0x404
> islast = 16
> qorhead = (struct qual *) 0x8
> qortail = (struct qual *) 0x0
> newquals = (struct qual *) 0x0
> s = 0x40386798 "\234�\002"
> data = 1077129808
> sdata = 0x0
> newcolonmod = 0x0
> func = (int (*)(char *, Statptr, off_t, char *)) 0x10
> sense = 0
> paren = 1077161984
> qo = (struct qual *) 0x0
> qn = (struct qual *) 0x0
> ql = (struct qual *) 0x0
> node = 0x4033b1d0
> str = 0x4033b208 "\207/NEWS.Debian.gz"
> q = 0x4033b250
> ostr = 0x4033b1f0 "\207/NEWS.Debian.gz"
> first = 0
> end = -1
> saved = {gd_pathpos = 0, gd_pathbuf = 0x0, gd_matchsz = 0,
> gd_matchct = 0, gd_pathbufsz = 0, gd_pathbufcwd = 0, gd_matchbuf = 0x0,
> gd_matchptr = 0x0, gd_colonmod = 0x0, gd_quals = 0x0, gd_qualct = 0,
> gd_qualorct = 0, gd_range = 0, gd_amc = 0, gd_units = 0, gd_gf_nullglob = 0,
> gd_gf_markdirs = 0, gd_gf_noglobdots = 0, gd_gf_listtypes = 0,
> gd_gf_numsort = 0, gd_gf_follow = 0, gd_gf_sorts = 0, gd_gf_nsorts = 0,
> gd_gf_sortlist = {0 <repeats 11 times>}, gd_glob_pre = 0x0,
> gd_glob_suf = 0x0}
> nobareglob = 0
> #6 0x0809ee32 in globlist (list=0x4033b1c8, nountok=0)
> at ../../Src/subst.c:243
> node = 0x17
> next = 0x0
> #7 0x08065136 in execcmd (state=0xbffff730, input=0, output=0, how=18,
> last1=2) at ../../Src/exec.c:2163
> pid = -1073744568
> synch = {-1073744384, 18}
> dummy = -1 '\377'
> hn = 0x80b70b0
> node = 0x0
> fn = 0x0
> mfds = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
> text = 0x80c2aa0 "echo */NEWS.Debian.gz"
> save = {-2, -2, -2, -2, -2, -2, -2, -2, -2, -2}
> fil = 1077129672
> dfil = 0
> is_cursh = 1077129672
> type = 6
> do_exec = 0
> i = 0
> htok = 1
> nullexec = 0
> assign = 0
> forked = 0
> is_shfunc = 0
> is_builtin = 1
> is_exec = 0
> use_defpath = 0
> cflags = 0
> checked = 1077129672
> oautocont = 0
> redir = 0x0
> code = 4278190080
> beg = 0x4033b19c
> varspc = 0x0
> oxtrerr = (FILE *) 0x401dce80
> #8 0x08062efd in execpline2 (state=0xbffff730, pcode=195, how=18, input=0,
> output=0, last1=0) at ../../Src/exec.c:1276
> pid = 195
> pipes = {1, 1075723964}
> #9 0x08062591 in execpline (state=0xbffff730, slcode=4098, how=18, last1=0)
> at ../../Src/exec.c:1066
> ipipe = {0, 0}
> opipe = {0, 0}
> pj = 0
> newjob = 1
> old_simple_pline = 0
> slflags = 0
> code = 195
> lastwj = 0
> lpforked = 0
> #10 0x08062300 in execlist (state=0xbffff730, dont_change_job=0, exiting=0)
> at ../../Src/exec.c:872
> errreturn = -16777216
> donetrap = 0
> next = 0x4033b1a8
> code = 1077161984
> ret = 0
> cj = 0
> csp = 0
> ltype = 18
> old_pline_level = 0
> old_list_pipe = 0
> oldlineno = 3
> oldnoerrexit = 0
> #11 0x08061dbc in execode (p=0x4033b168, dont_change_job=23, exiting=23)
> at ../../Src/exec.c:773
> s = {prog = 0x4033b168, pc = 0x4033b1a8, strs = 0x4033b1ac "echo"}
> #12 0x080747f6 in loop (toplevel=1, justonce=0) at ../../Src/init.c:165
> toksav = 1
> preprog = 0x80cc760
> prog = 0x4033b168
> #13 0x080770a2 in zsh_main (argc=1, argv=0xbffff854) at ../../Src/init.c:1274
> arg0 = 0x3e8 <Address 0x3e8 out of bounds>
> t = (char **) 0x3e8
> t0 = -16777216
> #14 0x080522fb in main (argc=23, argv=0x17) at ../../Src/main.c:37
> No locals.