This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 610505 - Crash when searching the history
Crash when searching the history
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: zsh (Show other bugs)
5.5
All Linux
medium Severity medium
: rc
: ---
Assigned To: James Antill
Branislav Náter
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-02 05:31 EDT by Tomas Smetana
Modified: 2013-04-12 16:43 EDT (History)
3 users (show)

See Also:
Fixed In Version: zsh-4.2.6-4.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-27 12:19:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Proposed patch (380 bytes, patch)
2010-07-02 05:32 EDT, Tomas Smetana
no flags Details | Diff

  None (edit)
Description Tomas Smetana 2010-07-02 05:31:24 EDT
Description of problem:
The zsh can crash when searching the history in the vi mode.

Version-Release number of selected component (if applicable):
zsh-4.2.6-3.el5

How reproducible:
Almost always

Steps to Reproduce:
1. set -o vi
2. enter few commands (echo foo)
3. press ESC to enter the vi command mode
4. press '?' to search in the history and find some term
5. scroll in the history (press the up/down arrow)
6. press '/' to search in the history in forward mode
7. GOTO 4.
  
Actual results:
*** glibc detected *** zsh: double free or corruption (fasttop): 0x000000001edd85d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x332767230f]
/lib64/libc.so.6(cfree+0x4b)[0x332767276b]
/usr/lib64/zsh/4.2.6/zsh/zle.so[0x2afabe6c8c30]
/usr/lib64/zsh/4.2.6/zsh/zle.so(vihistorysearchbackward+0x6f)[0x2afabe6c99af]
/usr/lib64/zsh/4.2.6/zsh/zle.so(execzlefunc+0xae)[0x2afabe6cecae]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zlecore+0xec)[0x2afabe6cf2dc]
/usr/lib64/zsh/4.2.6/zsh/zle.so(zleread+0x408)[0x2afabe6cf8f8]
zsh(ingetc+0x120)[0x4388a0]
zsh[0x43339d]
zsh(gettok+0x1b)[0x4411fb]
zsh(yylex+0x18)[0x441a08]
zsh(parse_event+0x27)[0x45ce47]
zsh(loop+0x58)[0x437328]
zsh(zsh_main+0x1d1)[0x438021]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x332761d994]
zsh[0x40cc09]

Expected results:
nothing like that

Additional info:
The bug has been found and fixed in the upstream zsh already:
http://www.zsh.org/mla/workers/2007/msg00985.html
http://www.zsh.org/mla/workers/2007/msg00735.html
Comment 1 Tomas Smetana 2010-07-02 05:32:05 EDT
Created attachment 428782 [details]
Proposed patch
Comment 2 James Antill 2010-07-02 09:49:21 EDT
Patch is trivial :).
Comment 14 errata-xmlrpc 2010-10-27 12:19:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0804.html

Note You need to log in before you can comment on or make changes to this bug.