Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: TR : Re : [BUG] Crash due to malloc call in signal handler

X-seq: zsh-workers 45021
From: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: TR : Re : [BUG] Crash due to malloc call in signal handler
Date: Fri, 13 Dec 2019 21:08:27 +0000
In-reply-to: <1576258224.5214.31.camel@samsung.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CGME20191213171028eucas1p2e7820377701008b2d05c898192b7c17e@eucas1p2.samsung.com> <569822988.994307929.1576256973462.JavaMail.root@zimbra62-e11.priv.proxad.net> <1576258224.5214.31.camel@samsung.com>

On Fri, 2019-12-13 at 17:30 +0000, Peter Stephenson wrote:
> I think the intention here is to make sure we're not blocking for a long
> time in this function, but if fgetc() is doing memory allocation we're
> going to have to put that in the signal blocking.  However, if the input
> itself blocks in fgetc() that's going to be a problem.  The fix might be
> not to fdopen() the input file, but just read into a buffer with
> read().

This would look like the following, which is passing tests...

Additional eyes are welcome; I'm  not doing a lot of Unix system programming
at the moment...

pws

diff --git a/Src/exec.c b/Src/exec.c
index 9dc91a71e..7f23dd824 100644
--- a/Src/exec.c
+++ b/Src/exec.c
@@ -4653,12 +4653,10 @@ mod_export LinkList
 readoutput(int in, int qt, int *readerror)
 {
     LinkList ret;
-    char *buf, *ptr;
-    int bsiz, c, cnt = 0;
-    FILE *fin;
+    char *buf, *bufptr, *ptr, inbuf[64];
+    int bsiz, c, cnt = 0, readret;
     int q = queue_signal_level();
 
-    fin = fdopen(in, "r");
     ret = newlinklist();
     ptr = buf = (char *) hcalloc(bsiz = 64);
     /*
@@ -4670,33 +4668,37 @@ readoutput(int in, int qt, int *readerror)
      */
     dont_queue_signals();
     child_unblock();
-    while ((c = fgetc(fin)) != EOF || errno == EINTR) {
-	if (c == EOF) {
-	    errno = 0;
-	    clearerr(fin);
-	    continue;
-	}
-	if (imeta(c)) {
-	    *ptr++ = Meta;
-	    c ^= 32;
-	    cnt++;
+    for (;;) {
+	readret = read(in, inbuf, 64);
+	if (readret <= 0) {
+	    if (readret < 0 && errno == EINTR)
+		continue;
+	    else
+		break;
 	}
-	if (++cnt >= bsiz) {
-	    char *pp;
-	    queue_signals();
-	    pp = (char *) hcalloc(bsiz *= 2);
-	    dont_queue_signals();
+	for (bufptr = inbuf; bufptr < inbuf + readret; bufptr++) {
+	    c = *bufptr;
+	    if (imeta(c)) {
+		*ptr++ = Meta;
+		c ^= 32;
+		cnt++;
+	    }
+	    if (++cnt >= bsiz) {
+		char *pp;
+		queue_signals();
+		pp = (char *) hcalloc(bsiz *= 2);
+		dont_queue_signals();
 
-	    memcpy(pp, buf, cnt - 1);
-	    ptr = (buf = pp) + cnt - 1;
+		memcpy(pp, buf, cnt - 1);
+		ptr = (buf = pp) + cnt - 1;
+	    }
+	    *ptr++ = c;
 	}
-	*ptr++ = c;
     }
     child_block();
     restore_queue_signals(q);
     if (readerror)
-	*readerror = ferror(fin) ? errno : 0;
-    fclose(fin);
+	*readerror = readret < 0 ? errno : 0;
     while (cnt && ptr[-1] == '\n')
 	ptr--, cnt--;
     *ptr = '\0';

Follow-Ups:
- Re: TR : Re : [BUG] Crash due to malloc call in signal handler
  - From: Peter Stephenson

References:
- TR : Re : [BUG] Crash due to malloc call in signal handler
  - From: Antoine C.
- Re: TR : Re : [BUG] Crash due to malloc call in signal handler
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author