Re: Bug#527110: zsh: segfaults when term is one line tall while doing tab completion

[Clint Adams <schizo@xxxxxxxxxx>]

On Tue, May 05, 2009 at 07:09:28PM +0200, Michael Kristensen wrote:
> zsh version 4.3.9-4 segfaults when I have a terminal emulator open with only
> one window available for the term and then do a tab completion. Steps to
> reproduce below.

(terminal window is only 1 line high)

> It should be mentioned that I've tried to reproduce the bug with 'zsh -f', but
> I can't. Therefore I am attaching the output from the Util/reporter script.
> The reason I'm mentioning this is because it says bugs should be reproduced
> with the -f flag (in the README from the source root dir) and if it can't the
> output from the Util/reporter script (also from source root dir) should be
> included. 
> 
> I can, however, reproduce the bug every time when not using the -f flag. Steps
> to reproduce:
> 
> 1. Open terminal emulator
> 
> 2. Resize window so that there's only one line for the shell (i.e. where the
> prompt also is).
> 
> 3. Enter: ls <tab><tab> (that is, begin typing the 'ls' command, then press
> tabulator twice to tab complete.)
> 
> 4. This makes zsh segfault which is evident from the /var/log/kern.log:
> 
> May  5 17:08:19 himlen kernel: zsh[13322]: segfault at 278 ip b7b03a24 sp bf85e050 error 4 in complist.so[b7b00000+d000]
> 
> I'm normally using the tiling window manager called "awesome", currently
> version 3.2.1. In this wm I can reproduce the bug both in the urxvt terminal
> emulator and in xterm. I also tried reproducing it in xfce4, but I was only
> succesful in reproducing it in xterm here. I.e. the bug was not reproducible in
> urxvt in xfce4.
> 
> When moving my .zshrc away and touching it to make it empty, the bug is not
> reproducible. I think this is because the bug is related to some completion
> options I have enabled.
> 
> Apart from the Util/reporter output, I am attaching a full gdb backtrace
> (output recorded with `script -c "gdb -p 13322" gdb-session') and my .zshrc
> file.


[...]
> zstyle ':completion:*' auto-description 'specify: %d'
> zstyle ':completion:*' completer _complete _ignored
> zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS}
> zstyle ':completion:*' menu select=long-list select=0
> zstyle ':completion:*' select-prompt '%SScrolling active - %l%s'

I bet that if you comment out the above two your segfault will go away.

> zstyle ':completion:*' verbose true
> zstyle :compinstall filename '/home/mkrist/.zshrc'

[...]

> Program received signal SIGSEGV, Segmentation fault.
> domenuselect (dummy=0xb7b6c834, dat=0xbf85e3ec) at ../../../Src/Zle/complist.c:2478
> 2478	../../../Src/Zle/complist.c: No such file or directory.
> 	in ../../../Src/Zle/complist.c
> (gdb) bt full
> #0  domenuselect (dummy=0xb7b6c834, dat=0xbf85e3ec) at ../../../Src/Zle/complist.c:2478
> 	p = (Cmatch **) 0x278
> 	c = 79
> 	p = (Cmatch **) 0xb7eba140
> 	pg = (Cmgroup *) 0x8101b70
> 	cmd = (Thingy) 0x0
> 	do_last_key = 0
> 	u = (Menustack) 0x0
> 	i = 0
> 	acc = <value optimized out>
> 	wishcol = 0
> 	setwish = 0
> 	oe = 0
> 	wasnext = 0
> 	space = <value optimized out>
> 	lbeg = 0
> 	step = 1
> 	wrap = -1081744888
> 	pl = 1
> 	broken = <value optimized out>
> 	first = 1
> 	nolist = 0
> 	mode = 0
> 	modecs = 135695184
> 	modell = 16
> 	modelen = 135292800
> 	wasmeta = 1
> 	s = 0x0
> 	status = "\000\000\000\000\000\020\000\000\000\000\000\000\000\020\000\000T?Ü@???\000\000\000\000\000\000\000\000\025?\201I\000\000\000\000w\a?I\000\000\000\000P\213\026\b@???\004\000\000\000\031\000\000\000P\205\026\b ?\026\b\210?\205??m??T?Ü?\217??@???`\206\026\b\210?\205?\226?Ü@???`\206\026\b?f\020\b@???@???\000\003\027\b"
> 	modeline = 0x0
> 	fdat = (Chdata) 0xbf85e3ec
> 	lastsearch = 0x0
> #1  0x0808efca in runhookdef (h=0xb7b6c834, d=0xbf85e3ec) at ../../Src/module.c:990
> 	p = (LinkNode) 0x8120a50
> 	r = 632
> #2  0xb7b5c740 in after_complete (dummy=0xb7ba307c, dat=0xbf85e588) at ../../../Src/Zle/compcore.c:515
> 	cdat = {matches = 0x816e6a0, num = 25, nmesg = 0, cur = 0x0}
> 	ret = <value optimized out>
> #3  0xb7b94d17 in docomplete (lst=0) at ../../../Src/Zle/zle_tricky.c:869
> 	s = 0x8101b70 "0\031\020\bp???/_zf\021"
> 	ol = 0x0
> 	olst = 4
> 	chl = 0
> 	ne = 0
> 	ocs = 3
> 	ret = 1
> 	dat = {0, 1}
> 	active = 1
> #4  0xb7b90a40 in completecall (args=0xb7ba33a0) at ../../../Src/Zle/zle_tricky.c:208
> No locals.
> #5  0xb7b81d05 in execzlefunc (func=0xb7ba0630, args=0xb7ba33a0, set_bindk=0)
>     at ../../../Src/Zle/zle_main.c:1292
> 	ret = <value optimized out>
> 	remetafy = 0
> 	w = (Widget) 0x80f9590
> 	save_bindk = (Thingy) 0xb7ba0630
> #6  0xb7b81f22 in zlecore () at ../../../Src/Zle/zle_main.c:1043
> No locals.
> #7  0xb7b82538 in zleread (lp=0x80dfcbc, rp=0x0, flags=3, context=0) at ../../../Src/Zle/zle_main.c:1206
> 	s = <value optimized out>
> ---Type <return> to continue, or q <return> to quit---
> 	old_errno = 22
> 	initthingy = <value optimized out>
> #8  0xb7b84197 in zle_main_entry (cmd=79, ap=0x4f <Address 0x4f out of bounds>)
>     at ../../../Src/Zle/zle_main.c:1836
> No locals.
> #9  0x0807d212 in zleentry (cmd=1) at ../../Src/init.c:1255
> 	ret = <value optimized out>
> #10 0x080808b3 in ingetc () at ../../Src/input.c:278
> 	lastc = <value optimized out>
> #11 0x0807bd57 in ihgetc () at ../../Src/hist.c:263
> 	c = <value optimized out>
> #12 0x08087db6 in yylex () at ../../Src/lex.c:677
> No locals.
> #13 0x080a3f5a in parse_event () at ../../Src/parse.c:451
> No locals.
> #14 0x0807f064 in loop (toplevel=1, justonce=0) at ../../Src/init.c:129
> 	prog = (Eprog) 0xbf85ec24
> #15 0x0807fe06 in zsh_main (argc=1, argv=0xbf85ec24) at ../../Src/init.c:1406
> 	t = <value optimized out>
> 	t0 = <value optimized out>
> #16 0x08054b62 in main (argc=Cannot access memory at address 0x4f
> ) at ../../Src/main.c:93
> No locals.

[...]