[Pkg-zsh-devel] Bug#856046: Bug#856046: zsh: fix two segfaults in zsh/parameter module appends

Axel Beckert abe at debian.org
Fri Feb 24 18:13:59 UTC 2017


Control: tag -1 + confirmed
Control: forwarded -1 http://www.zsh.org/mla/workers/2017/msg00251.html
Control: found -1 4.3.17-1
Control: found -1 5.0.7-5

Hi,

thanks to Daniel for the report and especially the patches.

Daniel Shahaf wrote:
> Version: 5.3.1-3

Actually this issue seems to be no (recent) regression but a crash
which can be reproduced on Debian Jessie and Wheezy, too. It looks
slightly different with older zsh versions, though, and requires a few
more constraints to be triggered. See below.

> Please find attached two segfault fixes for zsh.

The according upstream bug report (which only covers one half of the
issue as it's currently known) can be found at
http://www.zsh.org/mla/workers/2017/msg00251.html

Following is a minimal case to reproduce this on Debian Sid/Stretch with
5.3.1-3:

→ zsh -f
stretch% options+=()
stretch% options+=()
[1]  - 17934 segmentation fault (core dumped)  zsh -f
→ zsh -f
stretch% functions+=()
stretch% functions+=()
[1]    18988 segmentation fault (core dumped)  zsh -f

On Jessie (zsh 5.0.7-5) it requires at least one pair of values to
crash, so not requiring a value to crash might be considered a
regression:

→ zsh -f
jessie% options+=(a b)
zsh: invalid value: b
jessie% options+=(a b)
zsh: invalid value: b
[1]    25740 segmentation fault (core dumped)  zsh -f
→ zsh -f
jessie% functions+=(a b)
jessie% functions+=(a b)
[1]    25785 segmentation fault (core dumped)  zsh -f

On Wheezy (zsh 4.3.17-1) it even crashes on the first invocation, but
requires at least one pair of values to crash:

→ zsh -f
wheezy% functions+=(a b) 
*** glibc detected *** zsh: free(): invalid pointer: 0x00007f98af455c78 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x75bb6)[0x7f98ae678bb6]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f98ae67d95c]
zsh(strsetfn+0x1d)[0x45c28d]
zsh(setstrvalue+0x482)[0x45e5b2]
zsh(arrhashsetfn+0x95)[0x45e6b5]
zsh(assignaparam+0x10e)[0x46201e]
zsh[0x4276bc]
zsh[0x427a49]
zsh(execlist+0x1f1)[0x42de41]
zsh(execode+0xaf)[0x42e57f]
zsh(loop+0xa2)[0x43eaf2]
zsh(zsh_main+0x606)[0x4418d6]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f98ae621ead]
zsh[0x410551]
======= Memory map: ========
00400000-004a4000 r-xp 00000000 ca:02 5464232                            /bin/zsh4
006a3000-006a4000 r--p 000a3000 ca:02 5464232                            /bin/zsh4
006a4000-006aa000 rw-p 000a4000 ca:02 5464232                            /bin/zsh4
006aa000-006be000 rw-p 00000000 00:00 0 
010af000-010f1000 rw-p 00000000 00:00 0                                  [heap]
7f98a8000000-7f98a8021000 rw-p 00000000 00:00 0 
7f98a8021000-7f98ac000000 ---p 00000000 00:00 0 
7f98acd60000-7f98acd75000 r-xp 00000000 ca:02 16318790                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7f98acd75000-7f98acf75000 ---p 00015000 ca:02 16318790                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7f98acf75000-7f98acf76000 rw-p 00015000 ca:02 16318790                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7f98acf76000-7f98acf7f000 r-xp 00000000 ca:02 4235476                    /usr/lib/zsh/4.3.17/zsh/parameter.so
7f98acf7f000-7f98ad17e000 ---p 00009000 ca:02 4235476                    /usr/lib/zsh/4.3.17/zsh/parameter.so
7f98ad17e000-7f98ad17f000 r--p 00008000 ca:02 4235476                    /usr/lib/zsh/4.3.17/zsh/parameter.so
7f98ad17f000-7f98ad180000 rw-p 00009000 ca:02 4235476                    /usr/lib/zsh/4.3.17/zsh/parameter.so
7f98ad180000-7f98ad18f000 r-xp 00000000 ca:02 4235518                    /usr/lib/zsh/4.3.17/zsh/compctl.so
7f98ad18f000-7f98ad38f000 ---p 0000f000 ca:02 4235518                    /usr/lib/zsh/4.3.17/zsh/compctl.so
7f98ad38f000-7f98ad390000 r--p 0000f000 ca:02 4235518                    /usr/lib/zsh/4.3.17/zsh/compctl.so
7f98ad390000-7f98ad391000 rw-p 00010000 ca:02 4235518                    /usr/lib/zsh/4.3.17/zsh/compctl.so
7f98ad391000-7f98ad3b4000 r-xp 00000000 ca:02 4235513                    /usr/lib/zsh/4.3.17/zsh/complete.so
7f98ad3b4000-7f98ad5b4000 ---p 00023000 ca:02 4235513                    /usr/lib/zsh/4.3.17/zsh/complete.so
7f98ad5b4000-7f98ad5b5000 r--p 00023000 ca:02 4235513                    /usr/lib/zsh/4.3.17/zsh/complete.so
7f98ad5b5000-7f98ad5b6000 rw-p 00024000 ca:02 4235513                    /usr/lib/zsh/4.3.17/zsh/complete.so
7f98ad5b6000-7f98ad5b7000 rw-p 00000000 00:00 0 
7f98ad5b7000-7f98ad5f8000 r-xp 00000000 ca:02 4235500                    /usr/lib/zsh/4.3.17/zsh/zle.so
7f98ad5f8000-7f98ad7f8000 ---p 00041000 ca:02 4235500                    /usr/lib/zsh/4.3.17/zsh/zle.so
7f98ad7f8000-7f98ad7f9000 r--p 00041000 ca:02 4235500                    /usr/lib/zsh/4.3.17/zsh/zle.so
7f98ad7f9000-7f98ad800000 rw-p 00042000 ca:02 4235500                    /usr/lib/zsh/4.3.17/zsh/zle.so
7f98ad800000-7f98ad801000 rw-p 00000000 00:00 0 
7f98ad801000-7f98ad80c000 r-xp 00000000 ca:02 9486598                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7f98ad80c000-7f98ada0b000 ---p 0000b000 ca:02 9486598                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7f98ada0b000-7f98ada0c000 r--p 0000a000 ca:02 9486598                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7f98ada0c000-7f98ada0d000 rw-p 0000b000 ca:02 9486598                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7f98ada0d000-7f98ada17000 r-xp 00000000 ca:02 9486593                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7f98ada17000-7f98adc16000 ---p 0000a000 ca:02 9486593                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7f98adc16000-7f98adc17000 r--p 00009000 ca:02 9486593                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7f98adc17000-7f98adc18000 rw-p 0000a000 ca:02 9486593                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7f98adc18000-7f98adc2d000 r-xp 00000000 ca:02 9486595                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7f98adc2d000-7f98ade2c000 ---p 00015000 ca:02 9486595                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7f98ade2c000-7f98ade2d000 r--p 00014000 ca:02 9486595                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7f98ade2d000-7f98ade2e000 rw-p 00015000 ca:02 9486595                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7f98ade2e000-7f98ade30000 rw-p 00000000 00:00 0 
7f98ade30000-7f98ade37000 r-xp 00000000 ca:02 9486538                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7f98ade37000-7f98ae036000 ---p 00007000 ca:02 9486538                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7f98ae036000-7f98ae037000 r--p 00006000 ca:02 9486538                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7f98ae037000-7f98ae038000 rw-p 00007000 ca:02 9486538                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7f98ae038000-7f98ae3fe000 r--p 00000000 ca:02 7725092                    /usr/lib/locale/locale-archive
7f98ae3fe000-7f98ae402000 r-xp 00000000 ca:02 16318766                   /lib/x86_64-linux-gnu/libattr.so.1.1.0
7f98ae402000-7f98ae601000 ---p 00004000 ca:02 16318766                   /lib/x86_64-linux-gnu/libattr.so.1.1.0
7f98ae601000-7f98ae602000 r--p 00003000 ca:02 16318766                   /lib/x86_64-linux-gnu/libattr.so.1.1.0
7f98ae602000-7f98ae603000 rw-p 00004000 ca:02 16318766                   /lib/x86_64-linux-gnu/libattr.so.1.1.0
7f98ae603000-7f98ae787000 r-xp 00000000 ca:02 9486574                    /lib/x86_64-linux-gnu/libc-2.13.so
7f98ae787000-7f98ae986000 ---p 00184000 ca:02 9486574                    /lib/x86_64-linux-gnu/libc-2.13.so
7f98ae986000-7f98ae98a000 r--p 00183000 ca:02 9486574                    /lib/x86_64-linux-gnu/libc-2.13.so
7f98ae98a000-7f98ae98b000 rw-p 00187000 ca:02 9486574                    /lib/x86_64-linux-gnu/libc-2.13.so
7f98ae98b000-7f98ae990000 rw-p 00000000 00:00 0 
7f98ae990000-7f98aea11000 r-xp 00000000 ca:02 9486620                    /lib/x86_64-linux-gnu/libm-2.13.so
7f98aea11000-7f98aec10000 ---p 00081000 ca:02 9486620                    /lib/x86_64-linux-gnu/libm-2.13.so
7f98aec10000-7f98aec11000 r--p 00080000 ca:02 9486620                    /lib/x86_64-linux-gnu/libm-2.13.so
7f98aec11000-7f98aec12000 rw-p 00081000 ca:02 9486620                    /lib/x86_64-linux-gnu/libm-2.13.so
7f98aec12000-7f98aec37000 r-xp 00000000 ca:02 16318760                   /lib/x86_64-linux-gnu/libtinfo.so.5.9[1]    9568 abort      zsh -f

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
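The reproducers above differ per release (Stretch crashes on an empty append, Jessie and Wheezy need at least one key/value pair, Wheezy dies with a glibc abort rather than a plain segfault). The following script is an added regression check, not part of Axel's mail or of the zsh or Debian packaging: it runs each variant of the reproducer in a throwaway non-interactive child `zsh -f -c` so that a crash only kills the child, and classifies the child's exit status (128+signal for a signal death, so 139 is SIGSEGV and 134 is SIGABRT). The function names are my own; it assumes `zsh` is on `$PATH` and reports "skip" otherwise.

```shell
#!/bin/sh
# Added regression check for the zsh/parameter append crash described in
# Bug#856046. Runs the reproducer in a child zsh and classifies the result.

# classify_exit_status RC
#   Maps a shell exit status to "crash:<signal>" (status >= 128 means the
#   child was killed by signal status-128: 11 = SIGSEGV, 6 = SIGABRT) or
#   "ok:<status>" for a normal exit, including non-zero error exits.
classify_exit_status() {
  rc="$1"
  if [ "$rc" -ge 128 ]; then
    echo "crash:$((rc - 128))"
  else
    echo "ok:$rc"
  fi
}

# probe_zsh_append_crash PARAM VALUES
#   PARAM is one of the special hashes from the zsh/parameter module
#   (options, functions); VALUES is "" for the Stretch case or "a b" for
#   the Jessie/Wheezy case. The append is issued twice, as in the report.
#   Prints "skip" when no zsh is installed, otherwise the classification.
probe_zsh_append_crash() {
  param="$1"
  values="$2"
  if ! command -v zsh >/dev/null 2>&1; then
    echo "skip"
    return 0
  fi
  rc=0
  # -f skips all rc files (as in the report); -c makes the child
  # non-interactive so a crash cannot take down the calling shell.
  zsh -f -c "${param}+=(${values}); ${param}+=(${values})" >/dev/null 2>&1 || rc=$?
  classify_exit_status "$rc"
}

# run_append_matrix
#   Probes both special hashes with and without values and prints one line
#   per combination, e.g. "options a b -> crash:11".
run_append_matrix() {
  for param in options functions; do
    for values in "" "a b"; do
      label="${param} ${values:-<empty>}"
      echo "$label -> $(probe_zsh_append_crash "$param" "$values")"
    done
  done
}

run_append_matrix
```

A fixed zsh should print "ok:…" for all four rows; "ok:1" is acceptable where zsh merely rejects the `b` value as invalid, as Jessie does before it crashes.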