Bug 610505 - Crash when searching the history
Summary: Crash when searching the history
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: zsh (Show other bugs)
(Show other bugs)
Version: 5.5
Hardware: All Linux
medium
medium
Target Milestone: rc
: ---
Assignee: James Antill
QA Contact: Branislav Náter
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-07-02 09:31 UTC by Tomas Smetana
Modified: 2018-11-14 19:26 UTC (History)
3 users (show)

Fixed In Version: zsh-4.2.6-4.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-27 16:19:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (380 bytes, patch)
2010-07-02 09:32 UTC, Tomas Smetana
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2010:0804 normal SHIPPED_LIVE zsh bug fix update 2010-10-27 16:19:10 UTC

Description Tomas Smetana 2010-07-02 09:31:24 UTC
Description of problem:
The zsh can crash when searching the history in the vi mode.

Version-Release number of selected component (if applicable):
zsh-4.2.6-3.el5

How reproducible:
Almost always

Steps to Reproduce:
1. set -o vi
2. enter few commands (echo foo)
3. press ESC to enter the vi command mode
4. press '?' to search in the history and find some term
5. scroll in the history (press the up/down arrow)
6. press '/' to search in the history in forward mode
7. GOTO 4.
  
Actual results:
*** glibc detected *** zsh: double free or corruption (fasttop): 0x000000001edd85d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x332767230f]
/lib64/libc.so.6(cfree+0x4b)[0x332767276b]
/usr/lib64/zsh/4.2.6/zsh/zle.so[0x2afabe6c8c30]
/usr/lib64/zsh/4.2.6/zsh/zle.so(vihistorysearchbackward+0x6f)[0x2afabe6c99af]
/usr/lib64/zsh/4.2.6/zsh/zle.so(execzlefunc+0xae)[0x2afabe6cecae]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zlecore+0xec)[0x2afabe6cf2dc]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zleread+0x408)[0x2afabe6cf8f8]
zsh(ingetc+0x120)[0x4388a0]
zsh[0x43339d]
zsh(gettok+0x1b)[0x4411fb]
zsh(yylex+0x18)[0x441a08]
zsh(parse_event+0x27)[0x45ce47]
zsh(loop+0x58)[0x437328]
zsh(zsh_main+0x1d1)[0x438021]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x332761d994]
zsh[0x40cc09]

Expected results:
nothing like that

Additional info:
The bug has been found and fixed in the upstream zsh already:
http://www.zsh.org/mla/workers/2007/msg00985.html
http://www.zsh.org/mla/workers/2007/msg00735.html

Comment 1 Tomas Smetana 2010-07-02 09:32:05 UTC
Created attachment 428782 [details]
Proposed patch

Comment 2 James Antill 2010-07-02 13:49:21 UTC
Patch is trivial :).

Comment 14 errata-xmlrpc 2010-10-27 16:19:25 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0804.html


Note You need to log in before you can comment on or make changes to this bug.