Hi,

On Mon, Mar 10, 2014 at 8:43 AM, Chet Ramey <[email protected]> wrote:
> As you noted in a separate message, it's the "childval = 1" that causes
> the problem here.  That causes r to be set to 1, the multikey state is
> not reset, and we have the crash.
>
> I know how and where to fix the crash, but I cannot for the life of me
> get childval set to 1 here, no matter how I reproduce your steps, using
> test programs.  It always ends up being set to 0, and I can't see a way
> to force rl_get_next_history or rl_get_previous_history to return 1.
>
> If you can do a little more debugging and figure out how childval gets
> set to 1, I would appreciate it.  That should wrap it up.
>
> Thanks for all your help so far.

I did some debugging on Arch Linux with readline version 6.3-1 (no
additional patches).

I use the "i<DOWN><DOWN>" sequence to crash the ipython program. I was
trying to find who sets childval to 1, and where. I found that it is
readline.c:757:

  if (_rl_kscxt)
    _rl_kscxt->childval = r;

See this debug session:
https://gist.githubusercontent.com/anatol/9474427/raw/dc786062d738aaf1ac87211a1ee1e30fc5307665/who_sets_1

Then I tried to find why r is 1. Here is the session:
https://gist.githubusercontent.com/anatol/9474427/raw/362de60a2dc75cc53f9650d7cbead2e1370c773c/where_from_1_comes

This value comes from:

 if ((cxt->flags & KSEQ_DISPATCHED) == 0)
    {
      nkey = _rl_subseq_getchar (cxt->okey);
      if (nkey < 0)
        {
          _rl_abort_internal ();
          return -1;
        }
      r = _rl_dispatch_subseq (nkey, cxt->dmap, cxt->subseq_arg);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      cxt->flags |= KSEQ_DISPATCHED;
    }

That itself comes from:

          r = (*func) (rl_numeric_arg * rl_arg_sign, key);

It is rl_history_search_forward (count=1, ignore=66), which calls
rl_history_search_internal (count=1, dir=1).

The latter function calls

noninc_search_from_pos (string=0x19869e0 "^i", pos=6, dir=dir@entry=1)

which returns -1 and breaks from the loop; as temp == 0, it then returns 1:

rl_history_search_internal (count, dir)
  if (temp == 0)
    {
.................
#else
      rl_point = rl_history_search_len; /* rl_maybe_unsave_line changes it */
      rl_mark = rl_end;
#endif
      return 1;
^^^^^^^^^^^^^^^^^^^^^^^ It is where 1 comes from ^^^^^^^^^^^^^^^^^^^^
    }

_______________________________________________
Bug-readline mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-readline