Bug 1269883 - crash in ksh mode with -n and $HOME
Summary: crash in ksh mode with -n and $HOME
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: zsh
Version: 22
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Kamil Dudka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1267251
 
Reported: 2015-10-08 12:22 UTC by Kamil Dudka
Modified: 2015-11-03 05:52 UTC (History)

Fixed In Version: zsh-5.1.1-2.fc24 zsh-5.1.1-2.fc23 zsh-5.0.8-7.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of: 1267251
Environment:
Last Closed: 2015-11-01 02:44:49 UTC
Type: Bug



Description Kamil Dudka 2015-10-08 12:22:41 UTC
+++ This bug was initially created as a clone of Bug #1267251 +++

--- Additional comment from Tim Speetjens on 2015-09-29 15:20:57 CEST ---

Backtrace from checking the first script:

(gdb) bt
#0  sepsplit (s=0x0, sep=sep@entry=0x0, allownull=allownull@entry=0, heap=heap@entry=1) at utils.c:3198
#1  0x000000000047c1da in paramsubst (pf_flags=<optimized out>, qt=<optimized out>, str=0x7ffdc3b69070, n=<optimized out>, 
    l=<optimized out>) at subst.c:3242
#2  stringsubst (list=list@entry=0x7f34d129a130, node=<optimized out>, pf_flags=<optimized out>, pf_flags@entry=0, asssub=asssub@entry=0)
    at subst.c:236
#3  0x000000000047e7c5 in prefork (list=list@entry=0x7f34d129a130, flags=0) at subst.c:77
#4  0x0000000000428d98 in execcmd (state=state@entry=0x7ffdc3b69950, input=input@entry=0, output=output@entry=0, how=how@entry=18, last1=2)
    at exec.c:2587
#5  0x000000000042b356 in execpline2 (state=state@entry=0x7ffdc3b69950, pcode=pcode@entry=195, how=how@entry=18, input=0, output=0, 
    last1=last1@entry=0) at exec.c:1685
#6  0x000000000042b78c in execpline (state=state@entry=0x7ffdc3b69950, slcode=<optimized out>, how=how@entry=18, last1=0) at exec.c:1470
#7  0x000000000042cb12 in execlist (state=state@entry=0x7ffdc3b69950, dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0)
    at exec.c:1253
#8  0x000000000042ce02 in execode (p=p@entry=0x7f34d129a0b0, dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0, 
    context=context@entry=0x48ef99 "toplevel") at exec.c:1062
#9  0x000000000043d4a2 in loop (toplevel=toplevel@entry=1, justonce=justonce@entry=0) at init.c:185
#10 0x000000000044074e in zsh_main (argc=<optimized out>, argv=<optimized out>) at init.c:1616
#11 0x00007f34d0176af5 in __libc_start_main (main=0x40ecf0 <main>, argc=3, ubp_av=0x7ffdc3b69b88, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdc3b69b78) at libc-start.c:274


From checking the second one:
(gdb) bt
#0  __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:38
#1  0x000000000047bcd2 in paramsubst (pf_flags=<optimized out>, qt=<optimized out>, str=0x7ffdec4aca80, n=<optimized out>, 
    l=<optimized out>) at subst.c:3719
#2  stringsubst (list=list@entry=0x7fbf76307130, node=<optimized out>, pf_flags=<optimized out>, pf_flags@entry=0, asssub=asssub@entry=1)
    at subst.c:236
#3  0x000000000047e7c5 in prefork (list=list@entry=0x7fbf76307130, flags=1) at subst.c:77
#4  0x0000000000428d98 in execcmd (state=state@entry=0x7ffdec4ad360, input=input@entry=0, output=output@entry=0, how=how@entry=18, last1=2)
    at exec.c:2587
#5  0x000000000042b356 in execpline2 (state=state@entry=0x7ffdec4ad360, pcode=pcode@entry=195, how=how@entry=18, input=0, output=0, 
    last1=last1@entry=0) at exec.c:1685
#6  0x000000000042b78c in execpline (state=state@entry=0x7ffdec4ad360, slcode=<optimized out>, how=how@entry=18, last1=0) at exec.c:1470
#7  0x000000000042cb12 in execlist (state=state@entry=0x7ffdec4ad360, dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0)
    at exec.c:1253
#8  0x000000000042ce02 in execode (p=p@entry=0x7fbf763070b0, dont_change_job=dont_change_job@entry=0, exiting=exiting@entry=0, 
    context=context@entry=0x48ef99 "toplevel") at exec.c:1062
#9  0x000000000043d4a2 in loop (toplevel=toplevel@entry=1, justonce=justonce@entry=0) at init.c:185
#10 0x000000000044074e in zsh_main (argc=<optimized out>, argv=<optimized out>) at init.c:1616
#11 0x00007fbf751e3af5 in __libc_start_main (main=0x40ecf0 <main>, argc=3, ubp_av=0x7ffdec4ad598, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdec4ad588) at libc-start.c:274
#12 0x000000000040ed21 in _start ()
(gdb)

--- Additional comment from Tim Speetjens on 2015-09-30 08:26:40 CEST ---

Looks like I blindly copied the method to create the files, which replaces $HOME with its actual value.

The files should instead be created using the following commands:

$ cat <<EOF > test1.ksh
#!/usr/bin/ksh
echo \$HOME
EOF

or

$ cat <<EOF > test2.ksh
#!/usr/bin/ksh
export V=\${HOME}
EOF

--- Additional comment from Kamil Dudka on 2015-10-01 17:44:21 CEST ---

(In reply to Tim Speetjens from comment #9)
> Looks like I blindly copied the method to create the files, which replace
> $HOME to its actual value.

Thank you for clarifying that!

> The files should instead be created using the following commands:
> 
> $ cat <<EOF > test1.ksh
> #!/usr/bin/ksh
> echo \$HOME
> EOF

This crashes even with the latest upstream version of zsh.

> or
> 
> $ cat <<EOF > test2.ksh
> #!/usr/bin/ksh
> export V=\${HOME}
> EOF

This crash seems to be fixed (or avoided) in the current upstream version.

--- Additional comment from Kamil Dudka on 2015-10-05 18:37:34 CEST ---

(In reply to Kamil Dudka from comment #10)
> > $ cat <<EOF > test1.ksh
> > #!/usr/bin/ksh
> > echo \$HOME
> > EOF
> 
> This crashes even with the latest upstream version of zsh.

Reported upstream:

http://www.zsh.org/mla/workers/2015/msg02696.html

> > $ cat <<EOF > test2.ksh
> > #!/usr/bin/ksh
> > export V=\${HOME}
> > EOF
> 
> This crash seems to be fixed (or avoided) in the current upstream version.

Assuming the fix for bug #1222867 is applied (it actually came later):

https://sourceforge.net/p/zsh/code/ci/af957f2e

... the crash was avoided by the following upstream commit:

https://sourceforge.net/p/zsh/code/ci/44757a65

... where it started to print the following diagnostic message:

    1: subst.c:3712: value is NULL in paramsubst

The diagnostic message went away with the following upstream commit:

https://sourceforge.net/p/zsh/code/ci/39b28980

Nevertheless the following command still crashes with the latest upstream:

$ ARGV0=ksh zsh -nc 'export .V=${HOME}'

--- Additional comment from Kamil Dudka on 2015-10-08 14:18:29 CEST ---

Upstream commit:

https://sourceforge.net/p/zsh/code/ci/83a17579
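The thread above turns on two practical points: the reproducer files only trigger the bug if the literal text `$HOME` survives into the script (an unquoted heredoc expands it unless the dollar sign is escaped), and a crash in `zsh -n` shows up as death by signal, i.e. an exit status above 128. The following POSIX sh script is an added example written for this page, not code from the bug report or from the zsh project. It writes the two reproducers exactly as corrected in the thread, writes a deliberately expanded copy to show the original mistake, and checks each script under zsh's ksh emulation with `-n` (parse only). It uses `zsh --emulate ksh` rather than the report's `ARGV0=ksh zsh`, because `ARGV0` is honoured by an invoking zsh and not by plain sh; the helper names, the temporary directory and the status labels are this example's own choices. If zsh is not installed, the check reports `skipped:no-zsh` instead of failing.

```shell
#!/bin/sh
# Added example for the reproducer above (not part of the bug report).
# Requires only a POSIX sh; zsh is optional for the final check.

# Write both reproducers into directory $1 with the literal "$HOME" preserved.
# The backslash before the dollar sign is what keeps the heredoc from expanding it.
write_reproducers() {
    cat <<EOF > "$1/test1.ksh"
#!/usr/bin/ksh
echo \$HOME
EOF
    cat <<EOF > "$1/test2.ksh"
#!/usr/bin/ksh
export V=\${HOME}
EOF
}

# The mistake from the thread: an unquoted heredoc without the backslash, so the
# file ends up containing the expanded home directory instead of "$HOME".
# (A quoted delimiter, <<'EOF', would also have preserved the literal text.)
write_expanded_copy() {
    cat <<EOF > "$1"
#!/usr/bin/ksh
echo $HOME
EOF
}

# Map an exit status to a label. POSIX shells report termination by signal N as
# 128+N, so 139 is SIGSEGV (11) and 134 is SIGABRT (6) on Linux.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        echo "crash:signal$(( $1 - 128 ))"
    else
        echo "error:$1"
    fi
}

# Parse one script under ksh emulation with -n (no execution) and classify the
# result. Runs the command inside "if" so a crash does not abort a set -e caller.
check_script() {
    command -v zsh >/dev/null 2>&1 || { echo "skipped:no-zsh"; return 0; }
    if zsh --emulate ksh -n "$1" >/dev/null 2>&1; then
        classify_status 0
    else
        classify_status $?
    fi
}

# Stand-alone run: write the files into a temp dir and report each result.
run_all() {
    dir=$(mktemp -d)
    write_reproducers "$dir"
    for f in "$dir/test1.ksh" "$dir/test2.ksh"; do
        printf '%s: %s\n' "$(basename "$f")" "$(check_script "$f")"
    done
    rm -rf "$dir"
}

# Only run when executed directly, not when sourced for testing.
case "$0" in
    *sh|-*) ;;
    *) run_all ;;
esac
```

A `crash:signal11` label on either file means the installed zsh still has the bug; `ok` means the parse completed, which is the expected result once the fixed package from this bug is installed.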

Comment 1 Kamil Dudka 2015-10-08 13:23:49 UTC
fixed in zsh-5.1.1-2.fc24

Comment 2 Fedora Update System 2015-10-08 13:53:08 UTC
zsh-5.1.1-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3c76c4798f

Comment 3 Fedora Update System 2015-10-08 13:54:24 UTC
zsh-5.0.8-6.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-50825feb48

Comment 4 Fedora Update System 2015-10-09 13:54:58 UTC
zsh-5.0.8-6.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update zsh'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-50825feb48

Comment 5 Fedora Update System 2015-10-09 13:55:52 UTC
zsh-5.1.1-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update zsh'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-3c76c4798f

Comment 6 Fedora Update System 2015-10-12 15:26:33 UTC
zsh-5.0.8-7.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-fa791312b4

Comment 7 Fedora Update System 2015-10-13 18:21:07 UTC
zsh-5.0.8-7.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update zsh'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-fa791312b4

Comment 8 Fedora Update System 2015-11-01 02:44:39 UTC
zsh-5.1.1-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2015-11-03 05:52:33 UTC
zsh-5.0.8-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

