Zsh Mailing List Archive

Re: zsh malloc/heap corruption



On Sat, Sep 27, 2025, at 10:04 PM, Bart Schaefer wrote:

> I'm still curious what this is intended to do, because at least part
> of the time it just hangs on opening the fifo (according to strace)
> and part of the time it just finishes.

Well, it evolved into a pure bug lure and lost all original purpose. The
real program has a 1:1 fifo writer to reader and so doesn't lock up; as
I slimmed it down for a test case the crashes got fewer and fewer until
I added parallel writing processes into the same fifo. This on my box
provoked the bug extremely quickly, but became of course a dog's
breakfast of a pipeline.

> So it looks like there's a malloc re-entry when a background child
> exit is handled during the   while [[ $trace_buffer == *$'\n'* ]]; do
> condition.  Bug in the zsh/regex module.

Your hypothesis/diagnosis seems to fit very well. I observed that I
couldn't remove the regex call from the script without losing the
crashes, and the double fifo writer is an extra competing child process
with random exit timing, very plausibly going to occur during the regex
match with much higher probability than with a single writer. So that
aligns with all my empirical testing and evolution.

Is it useful if I work on a better testcase with this new understanding,
or does that one stack trace tell you all that's needed?

Many thanks!


