Hello, I am using zsh 5.9 (ARM64) via Homebrew on macOS 13.1 and I ran into a segfault as I was exiting a manpage. Unfortunately I can't seem to reproduce it, but I'm attaching the crash log to this email. I'm not very familiar with zsh's source but after a quick look, I noticed that `zhandler` calls `wait_for_processes`, which really doesn't seem to be async-signal-safe. For example it reads from the global variable `cmdoutpid` which is just a `pid_t` rather than a `volatile sig_atomic_t` or a lock-free atomic; since it's a regular, static, non-volatile, non-atomic variable, reading it from a signal handler could lead to a data race and other UB. It makes sense that this issue would be difficult to reproduce, and that it would appear more easily on Apple Silicon which has extremely out-of-order execution that tends to trigger latent memory bugs like this. Happy New Year! Hope this helps. Best, Jacob Greenfield |
Attachment:
zsh-2023-01-02-074639.ips
Description: Binary data