Zsh Mailing List Archive

Segfault on =() expansion



I could reproduce this on all my remote ssh shells, ranging from 4.2.3
to my local current cvs.

% a==(echo foo); : & cat $a
[1] 14645
foo
%
[1]  + done       :
% a==(echo foo); : & cat $a
zsh: segmentation fault  zsh -f

Let's see if I can get a backtrace... *waits for recompile*.

Program received signal SIGSEGV, Segmentation fault.
0x0806d364 in untokenize (s=0x0) at exec.c:1639
1639	    if (*s) {
(gdb) bt full
#0  0x0806d364 in untokenize (s=0x0) at exec.c:1639
No locals.
#1  0x0806e224 in addvars (state=0xafc54c5c, pc=0xa7bd35e0,
addflags=0) at exec.c:2068
	pm = (Param) 0x80ac572
	val = 0xc <Address 0xc out of bounds>
	allexp = 0
	myflags = 0
	vl = (LinkList) 0xafc54b34
	xtr = 0
	isstr = 1
	htok = 1
	arr = (char **) 0xafc54bb0
	ptr = (char **) 0x0
	name = 0xa7bd3660 "a"
	flags = 0
	opc = (Wordcode) 0xa7bd35e4
	ac = 5
	svl = {list = {first = 0xafc54b28, last = 0xafc54b28, flags = 0}, node = {
    next = 0xafc54b28, prev = 0xafc54b28, dat = 0x0}}
	__n0 = {next = 0x0, prev = 0xafc54b34, dat = 0x0}
#2  0x0806b7c1 in execsimple (state=0xafc54c5c) at exec.c:992
	code = 5
	lv = 1
#3  0x0806ba68 in execlist (state=0xafc54c5c, dont_change_job=0,
exiting=0) at exec.c:1094
	donedebug = 0
	next = (Wordcode) 0xa7bd35f0
	code = 11329
	ret = 1103269876
	cj = -1
---Type <return> to continue, or q <return> to quit---
	csp = 0
	ltype = 354
	old_pline_level = 0
	old_list_pipe = 0
	oldlineno = 4
	oldnoerrexit = 0
	donetrap = 0
#4  0x0806b6f5 in execode (p=0xa7bd35b0, dont_change_job=0, exiting=0)
at exec.c:965
	s = {prog = 0xa7bd35b0, pc = 0xa7bd35ec, strs = 0xa7bd3620
"\213\210echo foo\211"}
#5  0x08084a7c in loop (toplevel=1, justonce=0) at init.c:181
	toksav = 1
	prog = (Eprog) 0xa7bd35b0
#6  0x080874e2 in zsh_main (argc=2, argv=0xafc54d94) at init.c:1407
	t = (char **) 0xafc54d9c
	t0 = 157
#7  0x080551f6 in main (argc=Cannot access memory at address 0x48
) at ./main.c:93
No locals.



Changing (*s) to (s && *s) fixes the crash, but maybe something else is fishy.
With that change, $a appears to be empty instead of the crash.

% a==(echo foo); : & echo $a
[1] 18053
/tmp/zsh5NP27e
%
[1]  + done       :
% a==(echo foo); : & echo $a
[1] 18054

%
[1]  + done       :


-- 
Mikael Magnusson


