Bug 1408619

Summary: Zsh crashes with "Error in `zsh': double free or corruption (!prev)"
Product: Red Hat Enterprise Linux 7
Reporter: Supreet <srandhaw>
Component: zsh
Assignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA
QA Contact: Jakub Heger <jheger>
Severity: medium
Priority: medium
Version: 7.3
CC: isenfeld, jkejda, kdudka, pandrade
Target Milestone: rc
Keywords: Patch
Target Release: 7.4
Hardware: x86_64
OS: Linux
Fixed In Version: zsh-5.0.2-28.el7
Doc Text: NEEDLESS TO DOCUMENT
Clone Of:
: 1426631
Last Closed: 2017-08-01 20:38:39 UTC
Type: Bug
Bug Blocks: 1426631

Description Supreet 2016-12-26 03:23:38 UTC
Description of problem:

While executing the below command:

[root@rhel7u3 ~]# env -i zsh -f repro_zsh_crash

Zsh crashes every time.

[root@rhel7u3 ~]# env -i zsh -f repro_zsh_crash 
*** Error in `zsh': double free or corruption (!prev): 0x0000000000ddc2b0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7f88fbe94503]
zsh(bin_print+0x2ad)[0x417efd]
zsh(execbuiltin+0x302)[0x41ca02]
zsh[0x42bc6a]
zsh[0x42c2c6]
zsh[0x42c703]
zsh(execlist+0x815)[0x42e495]
zsh(execfor+0x251)[0x4505a1]
zsh[0x42ad94]
zsh[0x42c2c6]
zsh[0x42c703]
zsh(execlist+0x815)[0x42e495]
zsh(execode+0xa2)[0x42e782]
zsh(loop+0xbf)[0x440a3f]
zsh(zsh_main+0x47e)[0x44417e]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f88fbe39b35]
zsh[0x40ed8e]
Aborted (core dumped)
[root@rhel7u3 ~]# 

Version-Release number of selected component (if applicable):
zsh-5.0.2-25.el7.x86_64

How reproducible:
# env -i zsh -f repro_zsh_crash

Steps to Reproduce:
1. Use the file repro_zsh_crash
2. Execute the command:
# env -i zsh -f repro_zsh_crash
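
For triage, the glibc abort output in the description can be reduced to the program frame that handed the bad pointer to the allocator and to the unsymbolized frames that still need debuginfo. The Python below is an added example, not part of the original report or of zsh; its function names are hypothetical and the sample input is a shortened copy of the report's own output.

```python
import re

# Sample input: a shortened copy of the crash output quoted in the report.
REPORT = """\
*** Error in `zsh': double free or corruption (!prev): 0x0000000000ddc2b0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7f88fbe94503]
zsh(bin_print+0x2ad)[0x417efd]
zsh(execbuiltin+0x302)[0x41ca02]
zsh[0x42bc6a]
zsh(execlist+0x815)[0x42e495]
======= Memory map: ========
"""

# glibc abort banner: program name, heap-check message, offending pointer.
HEADER = re.compile(
    r"^\*\*\* Error in `(?P<prog>[^']+)': (?P<kind>.+): (?P<ptr>0x[0-9a-f]+) \*\*\*$")
# Backtrace frame: object, optional (symbol+offset), absolute address.
FRAME = re.compile(
    r"^(?P<obj>[^(\[]+)(?:\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-f]+)\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_abort(text):
    """Return (banner fields, backtrace frames) from a glibc abort report."""
    header, frames, in_backtrace = None, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        banner = HEADER.match(line)
        if banner:
            header = banner.groupdict()
        elif line.startswith("======= Backtrace"):
            in_backtrace = True
        elif line.startswith("======= Memory map"):
            break  # the map is not needed to locate the call site
        elif in_backtrace and FRAME.match(line):
            frames.append(FRAME.match(line).groupdict())
    return header, frames

def first_app_frame(header, frames):
    """First frame that belongs to the crashing program, i.e. the call
    site that passed the pointer to glibc."""
    return next((f for f in frames if f["obj"] == header["prog"]), None)

def unresolved(header, frames):
    """Addresses of program frames without a symbol (static functions);
    resolving them needs the matching debuginfo."""
    return [f["addr"] for f in frames
            if f["obj"] == header["prog"] and not f["sym"]]
```
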

Comment 5 Kamil Dudka 2017-01-03 11:59:47 UTC
Patch proposed upstream:

http://www.zsh.org/mla/workers/2017/msg00009.html

Comment 6 Kamil Dudka 2017-01-03 14:31:20 UTC
Upstream commit:

https://sourceforge.net/p/zsh/code/ci/8d4c9854

Comment 11 errata-xmlrpc 2017-08-01 20:38:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1955