Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Complex config triggering Segfault in pattern matching code.

X-seq: zsh-workers 33965
From: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: Complex config triggering Segfault in pattern matching code.
Date: Sun, 14 Dec 2014 18:20:21 +0000
Cc: Jonathan H <pythonnut@xxxxxxxxx>
In-reply-to: <141213204032.ZM16766@torch.brasslantern.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAW2-Zf8azHg+pWfSYEWQhBgagqY7cPQNbjB7x+q76j7fQDT8g@mail.gmail.com> <141213152840.ZM16632@torch.brasslantern.com> <CAAW2-ZdW+j655-8dnzTYr-qK6bee0is806E+S3QG-bZumz70Ww@mail.gmail.com> <141213204032.ZM16766@torch.brasslantern.com>

On Sat, 13 Dec 2014 20:40:32 -0800
Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx> wrote:
> On Dec 13,  3:36pm, Jonathan H wrote:
> }
> } $ZSH_PATCHLEVEL == "zsh-5.0.7-0-g208bded"
> } $(uname -a) == "Linux protogon.localdomain 3.17.6-1-ARCH #1 SMP
> } PREEMPT Sun Dec 7 23:43:32 UTC 2014 x86_64 GNU/Linux"
> } 
> } I've attached the output of gdb backtrace, watch and the headers.
> 
> OK, thanks.  If you look closely at that backtrace, you'll see that the
> shell is actually inside the zle-line-init widget, which means that the
> entire editor is just starting up:
> 
> #364 "zle-line-init", arg=0x0) at zle_utils.c:1706
> 
> This calls through here:
>...
> #280 recursiveedit (args=0x7fb1f7f4ba70) at zle_main.c:181
> 
> So at this point we haven't even finished initializing ZLE yet, but one of
> these "auto-fu" functions has recursively invoked it.  This is a recipe for 
> disaster if ever I saw one.  I suspect recursive-edit should simply throw
> an error if it's invoked from zle-line-init, but PWS may be able to speak
> better to this.

I'm not actually what would go wrong here.

After zle-line-init runs (in zleread),the next thing we do is zrefresh()
and then zlecore().  So I think it *has* finished initialising ---
zrefresh() and zlecore() are the stuff that we can only do when zsh is
set up and we can do them at this point.

Indeed, zlecore() is basically what recursive-edit does, although
there's quite lot in the way in the hook stuff in execzlefunc().  So if
something's going wrong here it's the hooking rather than the not being
started that should prevent a recursive edit.  But I still don't know
what it is we can't allow because of what.

> At this point we're already either hosed or about to be because ZLE isn't
> ready to be re-entered yet within zle-line-init

I don't actually see why not, as I said above.

> Oh-my-zsh syntax highlighting is known to tickle several subtle crash-
> inducing memory errors

This is probably more to the point.

> #126 completecall (args=0x7fb1f7f38918) at zle_tricky.c:208

This is utterly bizarre, but, again, I'm not really sure what the core
shell should be disallowing.  It's up to the user rather than the shell
not to complete anything before they've even started up the command
line...

> Anyway, the location of the crash is just where the badly-freed or in some
> other way abused chunk of memory, from some previous error, finally gets
> re-used.

Would it be possible to run valgrind on this, if it's sufficiently
reproducible?

pws

Follow-Ups:
- Re: Complex config triggering Segfault in pattern matching code.
  - From: Jonathan H
- Re: Complex config triggering Segfault in pattern matching code.
  - From: Bart Schaefer

References:
- Complex config triggering Segfault in pattern matching code.
  - From: Jonathan H
- Re: Complex config triggering Segfault in pattern matching code.
  - From: Bart Schaefer
- Re: Complex config triggering Segfault in pattern matching code.
  - From: Jonathan H
- Re: Complex config triggering Segfault in pattern matching code.
  - From: Bart Schaefer

Messages sorted by: Reverse Date, Date, Thread, Author