Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
zsh segfaults with lots of data in one variable
- X-seq: zsh-workers 26684
- From: Frank Terbeck <ft@xxxxxxxxxxxxxxxxxxx>
- To: zsh workers <zsh-workers@xxxxxxxxxx>
- Subject: zsh segfaults with lots of data in one variable
- Date: Tue, 3 Mar 2009 22:07:29 +0100
- Mail-followup-to: zsh workers <zsh-workers@xxxxxxxxxx>
- Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
Hey,
I just wanted to see if lines="$(<&0)" plays nice with binary input
data, when zsh crashed on me.
What I did is this:
[snip]
zsh% slurp() { lines="$(<&0)" }
zsh% slurp < ./a-big-71MiB-mp3-file.mp3
zsh% printf '%s' $lines > foo.mp3
[snap]
This segfaults after the printf. m5sum says a-big-71MiB-mp3-file.mp3
and foo.mp3 are the same.
Of course, that's nothing I would normally do, because there's
cp(1). :-) - Still, zsh shouldn't segfault, I guess.
To verify this still applies, I built the current cvs head and it's
still there - and it is; here is a backtrace from gdb:
[snip]
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Reading symbols from /usr/lib/libgdbm.so.3...done.
Loaded symbols for /usr/lib/libgdbm.so.3
Reading symbols from /usr/lib/libpcre.so.3...done.
Loaded symbols for /usr/lib/libpcre.so.3
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libncursesw.so.5...done.
Loaded symbols for /lib/libncursesw.so.5
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libnss_nis.so.2...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/gconv/ISO8859-15.so...done.
Loaded symbols for /usr/lib/gconv/ISO8859-15.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/parameter.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/parameter.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zle.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zle.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zleparameter.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zleparameter.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/deltochar.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/deltochar.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/mathfunc.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/mathfunc.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/curses.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/curses.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/pcre.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/pcre.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/complete.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/complete.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zutil.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/zutil.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/computil.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/computil.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/complist.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/complist.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/rlimits.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/rlimits.so
Reading symbols from /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/terminfo.so...done.
Loaded symbols for /mnt/extern/builds/zsh/installations/lib/zsh/4.3.9-dev-1/zsh/terminfo.so
Core was generated by `/mnt/extern/builds/zsh/installations/bin/zsh'.
Program terminated with signal 11, Segmentation fault.
[New process 21102]
#0 0x080735ac in runshfunc (prog=0x89c82e8, wrap=0xb7b55c20, name=0xb7f49258 "precmd") at exec.c:4437
4437 memcpy(ou, underscore, underscoreused);
(gdb) #0 0x080735ac in runshfunc (prog=0x89c82e8, wrap=0xb7b55c20, name=0xb7f49258 "precmd") at exec.c:4437
cont = 145583904
ou = 0xbad047d0 <Address 0xbad047d0 out of bounds>
#1 0x08073309 in doshfunc (shfunc=0x89eaec0, doshargs=0x0, noreturnval=1) at exec.c:4352
tab = (char **) 0x899f018
x = (char **) 0x4b
oargv0 = 0x899ca10 "/mnt/extern/builds/zsh/installations/bin/zsh"
oldzoptind = 1
oldlastval = 0
oldoptcind = 0
oldnumpipestats = 1
ret = 144345656
oldpipestats = (int *) 0xb7f49248
saveopts = "\000\001\000\001\000\001\000\000\001\001\000\000\001\001\001\000\001\001\001\000\000\000\000\001\000\001\001\001\000\001\001\001\001\000\001\001\001\000\000\000\000\000\000\000\001\001\001\000\000\001\001\000\001\001\001\001\000\000\000\000\000\000\001\001\001\000\000\000\000\001\001\001\000\000\000\000\001\001\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\001\001\000\000\001\000\000\000\000\001\001\001\001\001\001\000\000\001\000\000\000\000\000\000\000\000\000\000\001\000\001\001\001\000\000\001\000\001\000\001\000\000\000\000\000\000\001\000\000\001\000\000\000\000\001\000\000\001\000\000\001\000\001"
oldscriptname = 0x0
name = 0x89a8a38 "precmd"
flags = 0
fname = 0xb7f49240 "precmd"
obreaks = 0
saveemulation = 48
savesticky_emulation = 0
restore_sticky = 0
prog = (Eprog) 0x89c82e8
fstack = {prev = 0x0, name = 0xb7f49258 "precmd", filename = 0xb7f49290 "/home/hawk/etc/zsh/zshrc.d/zfunct",
caller = 0xb7f49260 "/mnt/extern/builds/zsh/installations/bin/zsh", flineno = 12, lineno = 4, tp = 1}
funcdepth = 1
#2 0x080cdab8 in callhookfunc (name=0x80e48b7 "precmd", lnklst=0x0, arrayp=1, retval=0x0) at utils.c:1170
shfunc = (Shfunc) 0x89eaec0
osc = 0
osm = 0
stat = 1
ret = 0
#3 0x080cdd94 in preprompt () at utils.c:1237
ln = (LinkNode) 0x0
period = 0
mailcheck = 60
lastperiodic = 0
#4 0x08084460 in loop (toplevel=1, justonce=0) at init.c:118
hstop = 0
prog = (Eprog) 0xb7f49990
#5 0x0808727d in zsh_main (argc=1, argv=0xbfb75554) at init.c:1405
t = (char **) 0xbfb75558
t0 = 158
#6 0x08054b96 in main (argc=) at ./main.c:93
No locals.
(gdb)
[snap]
So, that's somewhere in the vicinity of 'precmd()'. And indeed, if I
start 'zsh -f' the segfault is gone.
So, let's try this:
[snip]
zsh% /mnt/extern/builds/zsh/installations/bin/zsh -f
zsh% precmd() { print "Hello from precmd()." }
Hello from precmd().
zsh% slurp() { lines="$(<&0)" }
Hello from precmd().
zsh% slurp < ./a-big-71MiB-mp3-file.mp3
Hello from precmd().
zsh% printf '%s' $lines > foo.mp3
[1] 21879 segmentation fault (core dumped) /mnt/extern/builds/zsh/installations/bin/zsh -f
[snap]
The md5sum of the original file and foo.mp3 is still the same,
so that seems to work.
I tried a ~500KiB text file with which the problem didn't occur.
I hope I narrowed the problem down enough. Let me know if you need to
know anything else.
Regards, Frank
--
In protocol design, perfection has been reached not when there is
nothing left to add, but when there is nothing left to take away.
-- RFC 1925
Messages sorted by:
Reverse Date,
Date,
Thread,
Author