On Tue, May 05, 2009 at 07:09:28PM +0200, Michael Kristensen wrote:
> zsh version 4.3.9-4 segfaults when I have a terminal emulator open with only
> one window available for the term and then do a tab completion. Steps to
> reproduce below.
(terminal window is only 1 line high)
> It should be mentioned that I've tried to reproduce the bug with 'zsh -f', but
> I can't. Therefore I am attaching the output from the Util/reporter script.
> The reason I'm mentioning this is because it says bugs should be reproduced
> with the -f flag (in the README from the source root dir) and if it can't the
> output from the Util/reporter script (also from source root dir) should be
> included.
>
> I can, however, reproduce the bug every time when not using the -f flag. Steps
> to reproduce:
>
> 1. Open terminal emulator
>
> 2. Resize window so that there's only one line for the shell (i.e. where the
> prompt also is).
>
> 3. Enter: ls <tab><tab> (that is, begin typing the 'ls' command, then press
> tabulator twice to tab complete.)
>
> 4. This makes zsh segfault which is evident from the /var/log/kern.log:
>
> May 5 17:08:19 himlen kernel: zsh[13322]: segfault at 278 ip b7b03a24 sp
> bf85e050 error 4 in complist.so[b7b00000+d000]
>
> I'm normally using the tiling window manager called "awesome", currently
> version 3.2.1. In this wm I can reproduce the bug both in the urxvt terminal
> emulator and in xterm. I also tried reproducing it in xfce4, but I was only
> succesful in reproducing it in xterm here. I.e. the bug was not reproducible
> in
> urxvt in xfce4.
>
> When moving my .zshrc away and touching it to make it empty, the bug is not
> reproducible. I think this is because the bug is related to some completion
> options I have enabled.
>
> Apart from the Util/reporter output, I am attaching a full gdb backtrace
> (output recorded with `script -c "gdb -p 13322" gdb-session') and my .zshrc
> file.
[...]
> zstyle ':completion:*' auto-description 'specify: %d'
> zstyle ':completion:*' completer _complete _ignored
> zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS}
> zstyle ':completion:*' menu select=long-list select=0
> zstyle ':completion:*' select-prompt '%SScrolling active - %l%s'
I bet that if you comment out the above two your segfault will go away.
> zstyle ':completion:*' verbose true
> zstyle :compinstall filename '/home/mkrist/.zshrc'
[...]
> Program received signal SIGSEGV, Segmentation fault.
> domenuselect (dummy=0xb7b6c834, dat=0xbf85e3ec) at
> ../../../Src/Zle/complist.c:2478
> 2478 ../../../Src/Zle/complist.c: No such file or directory.
> in ../../../Src/Zle/complist.c
> (gdb) bt full
> #0 domenuselect (dummy=0xb7b6c834, dat=0xbf85e3ec) at
> ../../../Src/Zle/complist.c:2478
> p = (Cmatch **) 0x278
> c = 79
> p = (Cmatch **) 0xb7eba140
> pg = (Cmgroup *) 0x8101b70
> cmd = (Thingy) 0x0
> do_last_key = 0
> u = (Menustack) 0x0
> i = 0
> acc = <value optimized out>
> wishcol = 0
> setwish = 0
> oe = 0
> wasnext = 0
> space = <value optimized out>
> lbeg = 0
> step = 1
> wrap = -1081744888
> pl = 1
> broken = <value optimized out>
> first = 1
> nolist = 0
> mode = 0
> modecs = 135695184
> modell = 16
> modelen = 135292800
> wasmeta = 1
> s = 0x0
> status =
> "\000\000\000\000\000\020\000\000\000\000\000\000\000\020\000\000t...@???\000\000\000\000\000\000\000\000\025?\201i\000\000\000\000w\a?i\000\000\000\000p\213\026\b@???\004\000\000\000\031\000\000\000P\205\026\b
>
> ?\026\b\210?\205??m??t?ܷ?\21...@???`\206\026\b\210?\205?\226?ܷ@???`\206\026\b?f\02...@???@???\000\003\027\b"
> modeline = 0x0
> fdat = (Chdata) 0xbf85e3ec
> lastsearch = 0x0
> #1 0x0808efca in runhookdef (h=0xb7b6c834, d=0xbf85e3ec) at
> ../../Src/module.c:990
> p = (LinkNode) 0x8120a50
> r = 632
> #2 0xb7b5c740 in after_complete (dummy=0xb7ba307c, dat=0xbf85e588) at
> ../../../Src/Zle/compcore.c:515
> cdat = {matches = 0x816e6a0, num = 25, nmesg = 0, cur = 0x0}
> ret = <value optimized out>
> #3 0xb7b94d17 in docomplete (lst=0) at ../../../Src/Zle/zle_tricky.c:869
> s = 0x8101b70 "0\031\020\bp???/_zf\021"
> ol = 0x0
> olst = 4
> chl = 0
> ne = 0
> ocs = 3
> ret = 1
> dat = {0, 1}
> active = 1
> #4 0xb7b90a40 in completecall (args=0xb7ba33a0) at
> ../../../Src/Zle/zle_tricky.c:208
> No locals.
> #5 0xb7b81d05 in execzlefunc (func=0xb7ba0630, args=0xb7ba33a0, set_bindk=0)
> at ../../../Src/Zle/zle_main.c:1292
> ret = <value optimized out>
> remetafy = 0
> w = (Widget) 0x80f9590
> save_bindk = (Thingy) 0xb7ba0630
> #6 0xb7b81f22 in zlecore () at ../../../Src/Zle/zle_main.c:1043
> No locals.
> #7 0xb7b82538 in zleread (lp=0x80dfcbc, rp=0x0, flags=3, context=0) at
> ../../../Src/Zle/zle_main.c:1206
> s = <value optimized out>
> ---Type <return> to continue, or q <return> to quit---
> old_errno = 22
> initthingy = <value optimized out>
> #8 0xb7b84197 in zle_main_entry (cmd=79, ap=0x4f <Address 0x4f out of
> bounds>)
> at ../../../Src/Zle/zle_main.c:1836
> No locals.
> #9 0x0807d212 in zleentry (cmd=1) at ../../Src/init.c:1255
> ret = <value optimized out>
> #10 0x080808b3 in ingetc () at ../../Src/input.c:278
> lastc = <value optimized out>
> #11 0x0807bd57 in ihgetc () at ../../Src/hist.c:263
> c = <value optimized out>
> #12 0x08087db6 in yylex () at ../../Src/lex.c:677
> No locals.
> #13 0x080a3f5a in parse_event () at ../../Src/parse.c:451
> No locals.
> #14 0x0807f064 in loop (toplevel=1, justonce=0) at ../../Src/init.c:129
> prog = (Eprog) 0xbf85ec24
> #15 0x0807fe06 in zsh_main (argc=1, argv=0xbf85ec24) at ../../Src/init.c:1406
> t = <value optimized out>
> t0 = <value optimized out>
> #16 0x08054b62 in main (argc=Cannot access memory at address 0x4f
> ) at ../../Src/main.c:93
> No locals.
[...]
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
