Hi, I've the following problem which had beem boiled down from a huge script ...
start script eso_boot.mod.sh with
#!/bin/ksh
. ./environ.mod
and the environ.mod file with
f() {
:
}
unset -f f
msg=`echo xx`
echo $msg
now this crashes on some virtual systems as well as on some
AMD x86_64 cpu's and show on all systems that there are done
sfclose() and free() twice on the same pointer even if not
allocated nor sfopen/sfnew'ed.
To be able to debug this I've switched over to _AST_std_malloc
as well as _map_malloc set to 1.
I found that in src/cmd/ksh93/sh/name.c there is a double free()
due sfclose() run twice on slp->slptr in _nv_unset() if
flags&NV_TABLE is true.
Then in src/cmd/ksh93/sh/macro.c : comsubst() the stream sp which
is sfclosed and freed will be lateron freed in sh_eval_20120720()
with the function call sh_freeup(shp) ...
Beside this in sh_eval_20120720() there is also in the loop
while(jmpval==0) a double sfclose(iop) even this does not cause
a double free().
Currently I use the attached patch to avoid those crashes but
AFAICS this does not survive the test suite in all points:
[ 486s] test builtin_poll begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7594: Memory fault
[ 486s] test builtin_poll failed at 2014-04-07+11:39:58 with exit code 267 [
27 tests 267 errors ]
[ 486s] test builtin_poll(C.UTF-8) begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7598: Memory fault
[ 486s] test builtin_poll(C.UTF-8) failed at 2014-04-07+11:39:58 with exit
code 267 [ 27 tests 267 errors ]
[ 486s] test builtin_poll(shcomp) begins at 2014-04-07+11:39:58
[ 486s] shtests: line 354: 7602: Memory fault
[ 486s] test builtin_poll(shcomp) failed at 2014-04-07+11:39:58 with exit code
267 [ 27 tests 267 errors ]
[ 523s] test comvario begins at 2014-04-07+11:40:35
[ 525s] test comvario passed at 2014-04-07+11:40:37 [ 74 tests 0 errors ]
[ 525s] test comvario(C.UTF-8) begins at 2014-04-07+11:40:37
[ 525s] shtests[333]: eval: line 1: 8939: Memory fault
[ 525s] test comvario(C.UTF-8) failed at 2014-04-07+11:40:37 with exit code
267 [ 74 tests 267 errors ]
[ 525s] test comvario(shcomp) begins at 2014-04-07+11:40:37
[ 525s] shtests: line 354: 8951: Memory fault
[ 525s] test comvario(shcomp) failed at 2014-04-07+11:40:37 with exit code 267
[ 74 tests 267 errors ]
[ 623s] test io begins at 2014-04-07+11:42:15
[ 635s] test io passed at 2014-04-07+11:42:27 [ 99 tests 0 errors ]
[ 635s] test io(C.UTF-8) begins at 2014-04-07+11:42:27
[ 647s] test io(C.UTF-8) passed at 2014-04-07+11:42:39 [ 99 tests 0 errors ]
[ 647s] test io(shcomp) begins at 2014-04-07+11:42:39
[ 647s] test io(shcomp) failed at 2014-04-07+11:42:39 with exit code 269 [ 99
tests 269 errors ]
[ 1087s] test types begins at 2014-04-07+11:49:59
[ 1087s] test types passed at 2014-04-07+11:49:59 [ 118 tests 0 errors ]
[ 1087s] test types(C.UTF-8) begins at 2014-04-07+11:49:59
[ 1087s] test types(C.UTF-8) passed at 2014-04-07+11:49:59 [ 118 tests 0 errors
]
[ 1087s] test types(shcomp) begins at 2014-04-07+11:49:59
[ 1087s] shcomp-types.ksh[708]: z.out should be foo f 123
[ 1087s] test types(shcomp) failed at 2014-04-07+11:49:59 with exit code 1 [
118 tests 1 error ]
the error with io(shcomp) I've seen also with _AST_std_malloc = 0 and
without my attached patch.
Sidemark: IMHO the memory and sfio managment in ksh is lacking a fault checker
Werner
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
--- src/lib/libast/misc/spawnvex.c
+++ src/lib/libast/misc/spawnvex.c 2014-04-04 13:30:25.522235886 +0000
@@ -596,6 +596,8 @@ spawnvex_apply(Spawnvex_t* vex, int cur,
}
else if (i >= vex->cur)
break;
+ if (!vex->op)
+ break;
op = vex->op[i++].number;
arg = vex->op[i++].number;
if (!(op & 1))
--- src/cmd/ksh93/sh/name.c
+++ src/cmd/ksh93/sh/name.c 2014-04-07 10:06:20.150735631 +0000
@@ -2629,9 +2629,14 @@ void _nv_unset(register Namval_t *np,int
}
dtclose(rp->sdict);
}
+ /*
+ * stkclose() does do sfclose() finally which
+ * its self does free() the stream slp->slptr
+ */
if(flags&NV_TABLE)
while(stkclose(slp->slptr)==1);
- sfclose(slp->slptr);
+ else
+ sfclose(slp->slptr);
free((void*)np->nvalue.ip);
np->nvalue.ip = 0;
}
--- src/cmd/ksh93/sh/macro.c
+++ src/cmd/ksh93/sh/macro.c 2014-04-07 11:22:59.554235168 +0000
@@ -2134,7 +2134,8 @@ static void comsubst(Mac_t *mp,register
if(t)
{
fcsave(&save);
- sfclose(sp);
+ sfsync(sp);
+ sfpurge(sp);
if(t->tre.tretyp==0 && !t->com.comarg && !t->com.comset)
{
/* special case $(<file) and $(<#file) */
pgpoC7NXqbowM.pgp
Description: PGP signature
_______________________________________________ ast-developers mailing list [email protected] http://lists.research.att.com/mailman/listinfo/ast-developers
