Control: tag -1 + confirmed
Control: forwarded -1 http://www.zsh.org/mla/workers/2017/msg00251.html
Control: found -1 4.3.17-1
Control: found -1 5.0.7-5

Hi,

thanks to Daniel for the report and especially the patches.

Daniel Shahaf wrote:
> Version: 5.3.1-3

Actually this issue seems to be no (recent) regression but a crash which can be reproduced on Debian Jessie and Wheezy, too. It though looks slightly different with older zsh versions and requires a little bit more constraints to be triggered. See below.

> Please find attached two segfault fixes for zsh.

The according upstream bug report (which only covers one half of the issue as it's currently known) can be found at http://www.zsh.org/mla/workers/2017/msg00251.html

Following is a minimal case to reproduce this on Debian Sid/Stretch with 5.3.1-3:

→ zsh -f
stretch% options+=()
stretch% options+=()
[1] - 17934 segmentation fault (core dumped) zsh -f
→ zsh -f
stretch% functions+=()
stretch% functions+=()
[1] 18988 segmentation fault (core dumped) zsh -f

On Jessie (zsh 5.0.7-5) it requires at least one pair of values to crash, so not requiring a value to crash might be considered a regression:

→ zsh -f
jessie% options+=(a b)
zsh: invalid value: b
jessie% options+=(a b)
zsh: invalid value: b
[1] 25740 segmentation fault (core dumped) zsh -f
→ zsh -f
jessie% functions+=(a b)
jessie% functions+=(a b)
[1] 25785 segmentation fault (core dumped) zsh -f

On Wheezy (zsh 4.3.17-1) it even crashes on the first invocation, but requires at least one pair of values to crash:

→ zsh -f
wheezy% functions+=(a b)
*** glibc detected *** zsh: free(): invalid pointer: 0x00007f98af455c78 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x75bb6)[0x7f98ae678bb6]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f98ae67d95c]
zsh(strsetfn+0x1d)[0x45c28d]
zsh(setstrvalue+0x482)[0x45e5b2]
zsh(arrhashsetfn+0x95)[0x45e6b5]
zsh(assignaparam+0x10e)[0x46201e]
zsh[0x4276bc]
zsh[0x427a49]
zsh(execlist+0x1f1)[0x42de41]
zsh(execode+0xaf)[0x42e57f]
zsh(loop+0xa2)[0x43eaf2]
zsh(zsh_main+0x606)[0x4418d6]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f98ae621ead]
zsh[0x410551]
[1] 9568 abort zsh -f

Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE