Bug 610505

Summary: Crash when searching the history
Product: Red Hat Enterprise Linux 5
Reporter: Tomas Smetana <tsmetana>
Component: zsh
Assignee: James Antill <james.antill>
Status: CLOSED ERRATA
QA Contact: Branislav Náter <bnater>
Severity: medium
Priority: medium
Version: 5.5
CC: bnater, jwest, tao
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: zsh-4.2.6-4.el5
Doc Type: Bug Fix
Last Closed: 2010-10-27 16:19:25 UTC
Attachments:
Proposed patch (flags: none)

Description Tomas Smetana 2010-07-02 09:31:24 UTC
Description of problem:
The zsh can crash when searching the history in the vi mode.

Version-Release number of selected component (if applicable):
zsh-4.2.6-3.el5

How reproducible:
Almost always

Steps to Reproduce:
1. set -o vi
2. enter a few commands (echo foo)
3. press ESC to enter the vi command mode
4. press '?' to search in the history and find some term
5. scroll in the history (press the up/down arrow)
6. press '/' to search in the history in forward mode
7. GOTO 4.
  
Actual results:
*** glibc detected *** zsh: double free or corruption (fasttop): 0x000000001edd85d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x332767230f]
/lib64/libc.so.6(cfree+0x4b)[0x332767276b]
/usr/lib64/zsh/4.2.6/zsh/zle.so[0x2afabe6c8c30]
/usr/lib64/zsh/4.2.6/zsh/zle.so(vihistorysearchbackward+0x6f)[0x2afabe6c99af]
/usr/lib64/zsh/4.2.6/zsh/zle.so(execzlefunc+0xae)[0x2afabe6cecae]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zlecore+0xec)[0x2afabe6cf2dc]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zleread+0x408)[0x2afabe6cf8f8]
zsh(ingetc+0x120)[0x4388a0]
zsh[0x43339d]
zsh(gettok+0x1b)[0x4411fb]
zsh(yylex+0x18)[0x441a08]
zsh(parse_event+0x27)[0x45ce47]
zsh(loop+0x58)[0x437328]
zsh(zsh_main+0x1d1)[0x438021]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x332761d994]
zsh[0x40cc09]

Expected results:
nothing like that

Additional info:
The bug has been found and fixed in the upstream zsh already:
http://www.zsh.org/mla/workers/2007/msg00985.html
http://www.zsh.org/mla/workers/2007/msg00735.html
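
For triage, a glibc abort report like the one above can be parsed mechanically to find the first symbolised frame outside libc, which is the code path that reached free(). This is an added example, not part of the original bug report or the zsh patch; the names `parse_report` and `faulting_frame` are hypothetical, and the sample is an excerpt of the backtrace in this report.

```python
import re

# Excerpt of the abort report from this bug, embedded so the example runs offline.
SAMPLE = """\
*** glibc detected *** zsh: double free or corruption (fasttop): 0x000000001edd85d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x332767230f]
/lib64/libc.so.6(cfree+0x4b)[0x332767276b]
/usr/lib64/zsh/4.2.6/zsh/zle.so[0x2afabe6c8c30]
/usr/lib64/zsh/4.2.6/zsh/zle.so(vihistorysearchbackward+0x6f)[0x2afabe6c99af]
/usr/lib64/zsh/4.2.6/zsh/zle.so(execzlefunc+0xae)[0x2afabe6cecae]
zsh(loop+0x58)[0x437328]
"""

# "*** glibc detected *** <program>: <error>: <pointer> ***"
HEADER = re.compile(r"^\*\*\* glibc detected \*\*\* (?P<prog>.+?): "
                    r"(?P<error>.+?): (?P<ptr>0x[0-9a-fA-F]+) \*\*\*$")
# "<module>(<symbol>+<offset>)[<address>]"; the parenthesised part is optional.
FRAME = re.compile(r"^(?P<module>[^(\[\s]+)"
                   r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?"
                   r"\[(?P<addr>0x[0-9a-fA-F]+)\]$")

def parse_report(text):
    """Return (header dict or None, list of frame dicts in stack order)."""
    header, frames = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            header = m.groupdict()
            continue
        m = FRAME.match(line)
        if m:  # separator and memory-map lines do not match and are skipped
            frame = m.groupdict()
            frame["symbol"] = frame["symbol"] or None  # "(+0x12)" has no symbol
            frames.append(frame)
    return header, frames

def faulting_frame(frames):
    """First symbolised frame whose module is not libc: the caller of free()."""
    for frame in frames:
        module_name = frame["module"].rsplit("/", 1)[-1]
        if frame["symbol"] and not module_name.startswith("libc"):
            return frame
    return None

if __name__ == "__main__":
    hdr, frs = parse_report(SAMPLE)
    top = faulting_frame(frs)
    print(hdr["prog"], "|", hdr["error"], "|", top["module"], top["symbol"])
```
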

Comment 1 Tomas Smetana 2010-07-02 09:32:05 UTC
Created attachment 428782
Proposed patch

Comment 2 James Antill 2010-07-02 13:49:21 UTC
Patch is trivial :).

Comment 14 errata-xmlrpc 2010-10-27 16:19:25 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0804.html