Zsh Mailing List Archive

Re: Zsh parser malloc corruption

PWS, I'm going to ask you to please look at this after all, because it
seems to be related to 

    36682: expand pattern interface to optimise unmetafication

Valgrind says:

==19116== Invalid write of size 1
==19116==    at 0x4A2E0D: patcompile (pattern.c:679)
==19116==    by 0x456846: compgetmatch (glob.c:2623)
==19116==    by 0x4568FA: getmatch (glob.c:2663)
==19116==    by 0x4BA2D9: paramsubst (subst.c:3045)
==19116==    by 0x4B486A: stringsubst (subst.c:247)
==19116==    by 0x4B3BED: prefork (subst.c:85)
==19116==    by 0x4437D5: execcmd_getargs (exec.c:2659)
==19116==    by 0x443BCF: execcmd_exec (exec.c:2765)
==19116==    by 0x4414B5: execpline2 (exec.c:1873)
==19116==    by 0x43FCDA: execpline (exec.c:1602)
==19116==    by 0x43EEA5: execlist (exec.c:1360)
==19116==    by 0x43E5A3: execode (exec.c:1141)

This repeats several times, and eventually kills valgrind itself:

valgrind: the 'impossible' happened:
   Killed by fatal signal
==19116==    at 0x38058236: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

It appears that the "patalloc" space is not large enough to hold the
metafied pattern, maybe because there are NUL bytes in the pattern
prior to it being metafied?

Also I can reproduce my crash with a shorter input; delete everything
from (including) the first "&" through the end of the malloc-corruption
file.
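To illustrate the sizing problem suspected above, here is an added example that is not zsh's code: it follows zsh's convention of encoding an escaped byte as the Meta byte (0x83) followed by the byte XOR 32, but the rule for which bytes need escaping is simplified to NUL and Meta itself, and the helper names are hypothetical. A buffer sized from the raw pattern length is too small as soon as a NUL is present, which a length check before writing catches.

```c
#include <stddef.h>
#include <stdlib.h>

/* Added example, not zsh source. Meta byte as in zsh; the escaping
 * rule below is a simplified stand-in for zsh's imeta(). */
#define META 0x83

/* Hypothetical simplified imeta(): does this byte need escaping? */
static int needs_meta(unsigned char c) { return c == 0 || c == META; }

/* Length the metafied form of raw[0..n) occupies, without terminator. */
size_t metafied_len(const unsigned char *raw, size_t n) {
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        out += needs_meta(raw[i]) ? 2 : 1;
    return out;
}

/* Metafy raw into dst. Returns bytes written, or -1 when dst cannot
 * hold the result plus its terminator: the check that a buffer sized
 * before metafication needs. */
long metafy_into(unsigned char *dst, size_t cap,
                 const unsigned char *raw, size_t n) {
    size_t need = metafied_len(raw, n);
    if (need + 1 > cap) return -1;
    size_t j = 0;
    for (size_t i = 0; i < n; i++) {
        if (needs_meta(raw[i])) { dst[j++] = META; dst[j++] = raw[i] ^ 32; }
        else dst[j++] = raw[i];
    }
    dst[j] = 0;
    return (long)j;
}

/* Size the buffer from the raw length (the suspected patalloc mistake)
 * and report whether metafying into it would overflow: 1 yes, 0 no. */
int sized_from_raw_overflows(const unsigned char *raw, size_t n) {
    size_t cap = n + 1;                    /* raw length + terminator */
    unsigned char *buf = malloc(cap);
    if (!buf) return -1;
    int overflow = metafy_into(buf, cap, raw, n) < 0;
    free(buf);
    return overflow;
}
```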
