[Pkg-zsh-devel] Bug#418199: #418199 (zsh: segfault with exceedingly long path) not really fixed upstream ( was: Re: DZB: Debian Zsh Bugs - The big picture [...])
Axel Beckert
abe at debian.org
Wed Jul 25 17:34:54 UTC 2012
tag 418199 - fixed-upstream + confirmed
found 418199 4.3.10-14
found 418199 4.3.17-1
kthxbye
Hi,
Frank Terbeck wrote:
> **** #418199 segfault with exceedingly long path
>
> This one has a fixed-upstream tag, due to a patch by pws. I
> vaguely remember this being committed upstream, too.
This is said to have been fixed upstream 2.5 years ago in commit d388995e
on 05-Jan-2009 and hence should have been fixed with the upload of
4.3.10-1.
> Wouldn't hurt to retest, though.
Well spoken. I just tested it, and it (still) hurts: 4.3.10-14 from
Squeeze and 4.3.17-1 from Sid/Wheezy are still clearly affected.
Interestingly zsh 4.3.17 and zsh 5.0.0 behave differently here: zsh
4.3.10 and 4.3.17 still just segfault. zsh 5.0.0 aborts with a
buffer overflow detection:
~ → zsh
~ → echo $SHLVL
2
~ → cd /tmp
/tmp → for i in `seq 1000`; do mkdir 0123456789; cd 0123456789; done; cd ..
*** buffer overflow detected ***: zsh terminated
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb7619e70]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xe3daa)[0xb7618daa]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xe34e8)[0xb76184e8]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_default_xsputn+0x9e)[0xb75a192e]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_vfprintf+0x478a)[0xb757669a]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__vsprintf_chk+0xa7)[0xb7618597]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb76184dd]
zsh[0x80be034]
[1] 10743 abort zsh
zsh 15.78s user 14.98s system 31% cpu 1:37.42 total
~ →
So I'm not sure if that counts as "fixed in 5.0.0-1" (i.e. no more
segfaults) or as "still present in 5.0.0-1" (i.e. still exits instead of
refusing to change the directory and emitting an error message).
Regards, Axel
--
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
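
The backtrace in the message above ends in __sprintf_chk, i.e. a formatted write into a fixed-size buffer that glibc's fortify check stopped. As an added example (not zsh source and not part of the original message), this C sketch shows the behaviour the message asks for: a length-checked path append that refuses with ENAMETOOLONG instead of overflowing. The function names, the 4096-byte capacity and the in-memory simulation of the mkdir/cd loop are assumptions made for illustration.

```c
/* Added illustration; not zsh source. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Append "/name" to the NUL-terminated path in cwd (capacity cap bytes).
 * Returns 0 on success; on overflow returns -1, sets errno to
 * ENAMETOOLONG and leaves cwd untouched. */
static int append_component(char *cwd, size_t cap, const char *name)
{
    size_t len = strlen(cwd), nlen = strlen(name);
    size_t sep = (len > 0 && cwd[len - 1] != '/') ? 1 : 0;

    if (len >= cap || sep + nlen > cap - len - 1) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (sep)
        cwd[len++] = '/';
    memcpy(cwd + len, name, nlen + 1);   /* copies the terminating NUL */
    return 0;
}

/* Mirror the loop from the report without touching the filesystem:
 * start at /tmp and descend into "0123456789" up to depth times.
 * Returns how many levels fit in a buffer of cap bytes. */
static int simulate_descent(size_t cap, int depth)
{
    char cwd[4096] = "/tmp";
    int level = 0;

    if (cap < sizeof "/tmp" || cap > sizeof cwd)
        return -1;
    while (level < depth && append_component(cwd, cap, "0123456789") == 0)
        level++;
    return level;
}

int main(void)
{
    int n = simulate_descent(4096, 1000);
    printf("stopped after %d levels: %s\n", n, strerror(ENAMETOOLONG));
    return 0;
}
```
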