[Bug 1098750] Re: zsh5 crashed with SIGSEGV in hrealloc()
flux
1098750 at bugs.launchpad.net
Thu Jan 16 17:50:21 UTC 2014
I've been able to crash hrealloc with ease and sadly too often writing
multi-line git commit messages. But if I do it as root (as it doesn't
have custom configs for zsh), I am not able to. It probably relates to
my zsh configuration as I was able to reproduce the problem with only
this loaded: http://github.com/zsh-users/zsh-syntax-highlighting
(version 4519467). The following backtraces are done with optimization level
-O0. Obviously h ending up being 0 is a problem.
% gdb zsh
GNU gdb (GDB) 7.6.1 (Debian 7.6.1-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /bin/zsh5...Reading symbols from /usr/lib/debug/.build-id/25/1d29f03c12f43b25ac96d3429c2e9fa6e6633b.debug...done.
done.
(gdb) directory /tmp/zsh-5.0.5/debian/examples/
Source directories searched: /tmp/zsh-5.0.5/debian/examples:$cdir:$cwd
(gdb) run
Starting program: /usr/bin/zsh
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[gdb] [19:47] aiee(pts/18):/tmp% echo 'asdfjioasdf jaiosdfj ioasdf ji
quote> asdjfioajsdf ioasdjfio ajsdio jsdifjaiosdf
quote> asdjfio asdjfioasdjfioasd fjaiosdf
quote> asdjfioasd fjioasdfjioasdfjio asdfjio
quote> ajsdfiojsiodfjiofjsdioajio sdfj ioasdfj ioasjdfioa
quote> djasdiofjioa sdf a sdjfiojasdfjioa sdfj ioasdfj ioasdf
quote> jafiojiosdfj ioasdfj ioasdfj iojaiosdjf ioadsf
quote> ajsdfiojaiosdf jaiosdfj aiosdfj ajfiojfaiosdfj asd fjioasdj fio
quote> asdjfioajsdiof asd fjioadfj ioadjf ioasdjfioa sdjiofjaiosdfj oasdj fio
quote> ajdiofjaio sdfjioasdf jaiosdf jaiosdfjioasdf jaiosdjfio jioasdfjioasdfj
Program received signal SIGSEGV, Segmentation fault.
0x0000000000461a41 in hrealloc (
p=0x7ffff7fe65b0 "\231asdfjioasdf jaiosdfj ioasdf ji\nasdjfioajsdf ioasdjfio ajsdio jsdifjaiosdf\nasdjfio asdjfioasdjfioasd fjaiosdf \nasdjfioasd fjioasdfjioasdfjio asdfjio \najsdfiojsiodfjiofjsdioajio sdfj ioasdfj ioasjdfioa"...,
old=512, new=1024) at ../../Src/mem.c:616
616 if (p + old < arena(h) + h->used) {
(gdb) bt full
#0 0x0000000000461a41 in hrealloc (
p=0x7ffff7fe65b0 "\231asdfjioasdf jaiosdfj ioasdf ji\nasdjfioajsdf ioasdjfio ajsdio jsdifjaiosdf\nasdjfio asdjfioasdjfioasd fjaiosdf \nasdjfioasd fjioasdfjioasdfjio asdfjio \najsdfiojsiodfjiofjsdioajio sdfj ioasdfj ioasjdfioa"...,
old=512, new=1024) at ../../Src/mem.c:616
h = 0x0
ph = 0x7ffff7f6a000
#1 0x0000000000457b23 in add (c=10) at ../../Src/lex.c:579
newbsiz = 1024
#2 0x000000000045929b in gettokstr (c=10, sub=0) at ../../Src/lex.c:1357
strquote = 0
act = 14
e = 0
inbl = 0
bct = 0
pct = 0
brct = 0
fdpar = 0
intpos = 1
in_brace_param = 0
inquote = 0
unmatched = 0
peek = STRING
#3 0x00000000004588f4 in gettok () at ../../Src/lex.c:999
c = 39
d = 4686160
peekfd = -1
peek = 32767
#4 0x0000000000457643 in zshlex () at ../../Src/lex.c:395
No locals.
#5 0x000000000047b4aa in par_simple (complex=0x7fffffffddb8, nr=0)
at ../../Src/parse.c:1687
redir_var = 0
oecused = 3
isnull = 1
r = 3
argc = 1
p = 3
isfunc = 0
sr = 0
c = 0
nrediradd = 0
assignments = 0
#6 0x00000000004792a8 in par_cmd (complex=0x7fffffffddb8)
at ../../Src/parse.c:880
sr = 0
r = 3
nr = 0
#7 0x0000000000478d3d in par_pline (complex=0x7fffffffddb8)
at ../../Src/parse.c:729
p = 2
line = 1
#8 0x0000000000478cf6 in par_sublist2 (complex=0x7fffffffddb8)
at ../../Src/parse.c:710
f = 0
#9 0x0000000000478b87 in par_sublist (complex=0x7fffffffdde0)
at ../../Src/parse.c:664
f = -8720
p = 1
c = 1
#10 0x00000000004785a3 in par_event () at ../../Src/parse.c:477
r = 0
p = 0
c = 0
#11 0x000000000047851d in parse_event () at ../../Src/parse.c:454
No locals.
#12 0x0000000000449cc4 in loop (toplevel=1, justonce=0) at ../../Src/init.c:132
prog = 0x0
err = 0
non_empty = 0
#13 0x000000000044d87d in zsh_main (argc=1, argv=0x7fffffffdfb8)
at ../../Src/init.c:1633
errexit = 0
t = 0x7fffffffdfc0
runscript = 0x0
t0 = 158
#14 0x000000000040e3cd in main (argc=1, argv=0x7fffffffdfb8)
at ../../Src/main.c:93
No locals.
aiee# gdb zsh
GNU gdb (GDB) 7.6.1 (Debian 7.6.1-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /bin/zsh5...Reading symbols from /usr/lib/debug/.build-id/25/1d29f03c12f43b25ac96d3429c2e9fa6e6633b.debug...done.
done.
(gdb) directory /tmp/zsh-5.0.5/debian/examples/
Source directories searched: /tmp/zsh-5.0.5/debian/examples:$cdir:$cwd
(gdb) run
Starting program: /usr/bin/zsh
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
aiee# . ./zsh-syntax-highlighting.zsh
aiee# ZSH_HIGHLIGHT_STYLES[globbing]='fg=white'
aiee# echo 'afdshuafhsui sdfhi asdhui fasdh ufahsdf
quote> asdhuf asdhuifhui asdfh uiasdh fuiah sdui dufah uisdfhui asdf
quote> asdh fuiahsdui dfah uidfahui sdfh uiasdhui fahuisdfauisdh fuiadhfa
quote> sdfh auidfh uiasdh fuiahsd fuidfuah sduifa sduifh auisdfahui sdfhauisdf
quote> ahsd fuiah duifah sduifhauisdhui fashuidfhui asd hfuiasdh fah sdui dfa
quote> sdfhuia sdfhuiasdhfui asdhfuiahsduif ahuisdfhauil;fhsduilfhasduilasduif
quote> asdhfuiashduilduifhasduilfhasduilfhasuildhf auildfh uilah fuilasdhfuil asd
quote> fahj sdufhauilsdfhailsdhf auilsdhf uilasdh fuildfuia hsduilf auilsdfh uilasdf
quote> ahsduifh ailsdhfuilashdfilaushferuihafsruifhasdilufhasdil fh asduilasduifh asdif
quote> ahsdfuihasdilfhauisdfhauilsdfh auisdlfh uilasdhf uilahsd fuilah sdfuildfuih asduilasdu fhasd
quote> fhjasduifhasduilhfuilasdhfuiasdhfuiladhuifashfuilasdh fuildsh fuilasd hfuilasd fhuiladuilf hasdf
quote> ahsdf uioahdfil ahdfilahsduifl hauisdlf hauildf hauildfh auilsdhfuialsdhfiahduilfhauil dfhias
quote> fhauisdhfiluadhsfuilahd fuih asduil hfuila sduiflhaduilfhauilsdhfuilasdhf uilasdhufasduilfhasd
quote> fasdukilfhauildhfuiasdhfuiladhuilfau0pfdsh uifasdh ilfasd hfuilasd hsdfuilasd hfuilasduilashfliahsduilasduif a
Program received signal SIGSEGV, Segmentation fault.
0x0000000000461a41 in hrealloc (
p=0x7ffff7fd09a8 "\231afdshuafhsui sdfhi asdhui fasdh ufahsdf \nasdhuf asdhuifhui asdfh uiasdh fuiah sdui dufah uisdfhui asdf\nasdh fuiahsdui dfah uidfahui sdfh uiasdhui fahuisdfauisdh fuiadhfa\nsdfh auidfh uiasdh fuiahsd fu"...,
old=1024, new=2048) at ../../Src/mem.c:616
616 if (p + old < arena(h) + h->used) {
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zsh in Ubuntu.
https://bugs.launchpad.net/bugs/1098750
Title:
zsh5 crashed with SIGSEGV in hrealloc()
Status in “zsh” package in Ubuntu:
New
Bug description:
I can't seem to reproduce this, but here's roughly what I did (yes, I
realized, what I'm doing is stupid and doesn't work):
nyuszika7h at ymlyna ~ % validate_passwd() {
> local username
> local password
>
> read -r '?username: ' username
> read -rs '?password: ' password
>
> su "$username" -c /bin/true &
> print "$password" > "/proc/$!/fd/0"
> }
zsh: event not found: /fd/0
127 nyuszika7h at ymlyna ~ % validate_passwd() {
> local username
> local password
>
> read -r '?username: ' username
> read -rs '?password: ' password
>
> su "$username" -c /bin/true &
> print "$password" > "/proc/$\!/fd/0"
> }
A few moments later, zsh crashed.
ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: zsh 5.0.0-2ubuntu3
ProcVersionSignature: Ubuntu 3.5.0-21.32-generic 3.5.7.1
Uname: Linux 3.5.0-21-generic x86_64
ApportVersion: 2.8-0ubuntu1
Architecture: amd64
Date: Fri Jan 11 23:26:50 2013
ExecutablePath: /bin/zsh5
InstallationDate: Installed on 2013-01-10 (1 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
ProcCmdline: -zsh
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/zsh
PATH=(custom, no user)
TERM=xterm
XDG_RUNTIME_DIR=<set>
SegvAnalysis:
Segfault happened at: 0x450877 <hrealloc+135>: mov 0x10(%rbx),%rax
PC (0x00450877) ok
source "0x10(%rbx)" (0x00000010) not located in a known VMA region (needed readable region)!
destination "%rax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: zsh
StacktraceTop:
hrealloc ()
add ()
?? ()
?? ()
zshlex ()
Title: zsh5 crashed with SIGSEGV in hrealloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
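Added example (not part of the original message or of zsh's source): a simplified C model of the comparison on the faulting line, `p + old < arena(h) + h->used`, showing how a pointer that belongs to no heap on the list leaves h NULL and where a guard catches it. The struct layout and the names heap_model, find_owner, block_is_interior and scenario are assumptions made for illustration; the report does not establish why h was 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not zsh's definitions: field names and sizes are assumed. */
struct heap_model {
    struct heap_model *next;
    size_t size;               /* arena capacity in bytes */
    size_t used;               /* bytes handed out so far */
    char arena[64];
};
#define arena(h) ((h)->arena)

/* Return the heap whose arena contains p, or NULL if no listed heap does. */
static struct heap_model *find_owner(struct heap_model *heaps, const char *p)
{
    for (struct heap_model *h = heaps; h; h = h->next) {
        uintptr_t lo = (uintptr_t)arena(h);
        if ((uintptr_t)p >= lo && (uintptr_t)p < lo + h->size)
            return h;
    }
    return NULL;
}

/* 1: block [p, p+old) is followed by other data in its heap (the comparison
 * on the faulting line); 0: it is the last block; -1: p is in no listed heap. */
static int block_is_interior(struct heap_model *heaps, const char *p, size_t old)
{
    struct heap_model *h = find_owner(heaps, p);
    if (!h)
        return -1;  /* without this guard, h->used is read through NULL */
    return p + old < arena(h) + h->used;
}

/* Constructed: heaps a -> b; unlink_b drops b while a pointer into it is still used. */
static int scenario(int unlink_b, size_t off, size_t old)
{
    static struct heap_model a, b;
    a.size = b.size = sizeof a.arena;
    b.used = 48;
    a.next = unlink_b ? NULL : &b;
    return block_is_interior(&a, b.arena + off, old);
}

int main(void)
{
    printf("%d %d %d\n", scenario(0, 0, 16), scenario(0, 32, 16), scenario(1, 0, 16));
    return 0;
}
```

On an LP64 build of this model, `used` sits at offset 0x10, the same offset from a NULL base that the SegvAnalysis above shows being read.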