Re: Crash in readline_internal_teardown()

2014-07-14 Thread Chet Ramey
On 7/12/14, 6:51 PM, Bernie Innocenti wrote:

> Bash Version: 4.3
> Patch Level: 18
> Release Status: release
>
> Description:
>
> A similar crash has already been reported in Launchpad:
>   https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1294669

They are not the same; the stack tracebacks are very different.  The bug
in that launchpad report was fixed with bash-4.3 patch 9 and had to do with
history expansion.  This bug has to do with the behavior of readline's
revert-all-at-newline option.

> My bash binary contains patches 9 through 11 which supposedly fixed this,
> but I'm still getting occasional crashes with a binary built off git head:

There is a fix for this in the devel git branch, but there has not been any
official patch released yet.  It was just reported a couple of weeks ago
while I was on vacation.

I have attached a patch originally from Jared Yanovich that should fix the
problem.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
*** ../bash-4.3-patched/lib/readline/misc.c	2012-09-01 18:03:11.0 -0400
--- lib/readline/misc.c	2014-06-30 13:41:19.0 -0400
***
*** 462,465 
--- 462,466 
  	  /* Set up rl_line_buffer and other variables from history entry */
  	  rl_replace_from_history (entry, 0);	/* entry-line is now current */
+ 	  entry-data = 0;			/* entry-data is now current undo list */
  	  /* Undo all changes to this history entry */
  	  while (rl_undo_list)
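Review bot: the comment on the added assignment (new line 464) says what the entry's data pointer has become, but not why it has to be cleared before the `while (rl_undo_list)` loop instead of after it. That loop runs until the undo list is empty, so the ordering is the whole fix; a comment stating that the entry must not keep referring to the list while the undo operations run would stop a later cleanup from moving the assignment back down. It would also help to note where `rl_undo_list` takes over the entry's list, since this hunk shows only the call to `rl_replace_from_history (entry, 0)` and the handover itself is not visible here.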
***
*** 469,473 
  	  FREE (entry-line);
  	  entry-line = savestring (rl_line_buffer);
- 	  entry-data = 0;
  	}
entry = previous_history ();
--- 470,473 
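Review bot: with the late assignment at 469-473 removed, the tail of this block updates only the entry's line, and nothing in the patch or the message records how the reordering was checked. The report describes the crash as nondeterministic, so a reproducer that enables revert-all-at-newline, edits history entries and then accepts a line, run with the allocator's assertions on, would show both that the `free: called with unallocated block argument` abort is gone and that the move did not introduce a leak.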


Re: Crash in readline_internal_teardown()

2014-07-14 Thread Bernie Innocenti

On 07/14/2014 04:25 PM, Chet Ramey wrote:

> On 7/12/14, 6:51 PM, Bernie Innocenti wrote:
>
>> Bash Version: 4.3
>> Patch Level: 18
>> Release Status: release
>>
>> Description:
>>
>> A similar crash has already been reported in Launchpad:
>>    https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1294669
>
> They are not the same; the stack tracebacks are very different.  The bug
> in that launchpad report was fixed with bash-4.3 patch 9 and had to do with
> history expansion.  This bug has to do with the behavior of readline's
> revert-all-at-newline option.
>
>> My bash binary contains patches 9 through 11 which supposedly fixed this,
>> but I'm still getting occasional crashes with a binary built off git head:
>
> There is a fix for this in the devel git branch, but there has not been any
> official patch released yet.  It was just reported a couple of weeks ago
> while I was on vacation.
>
> I have attached a patch originally from Jared Yanovich that should fix the
> problem.


Thank you so much, Chet. I'll apply your patch and open a new bug on LP.

--
 _ // Bernie Innocenti
 \X/  http://codewiz.org



Crash in readline_internal_teardown()

2014-07-12 Thread Bernie Innocenti

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-li»
uname output: Linux xyzzy.cam.corp.google.com 3.13.0-30-generic 
#55-Ubuntu SMP Fri Jul 4 21:40:53 UTC 2014 x86_64 x86_64 x8»

Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.3
Patch Level: 18
Release Status: release

Description:

A similar crash has already been reported in Launchpad:
  https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1294669

My bash binary contains patches 9 through 11 which supposedly fixed 
this, but I'm still getting occasional crashes with a binary built off 
git head:


malloc: unknown:0: assertion botched
free: called with unallocated block argument
last command: ll webserver/sffe/config/sffe_config.proto
Aborting...
Program received signal SIGABRT, Aborted.
0x7761df79 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56

56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x7761df79 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56

#1 0x77621388 in __GI_abort () at abort.c:89
#2 0x0044051f in programming_error ()
#3 0x004b3bff in internal_free.isra ()
#4 0x004ae1ac in _rl_revert_all_lines ()
#5 0x00495035 in readline_internal_teardown ()
#6 0x00495f56 in readline ()
#7 0x0042158a in yy_readline_get ()
#8 0x00423716 in shell_getc ()
#9 0x004265f2 in read_token.constprop ()
#10 0x00429bd4 in yyparse ()
#11 0x00420e9b in parse_command ()
#12 0x00420f6c in read_command ()
#13 0x00421169 in reader_loop ()
#14 0x0041f749 in main ()
(gdb)

I'm now running a binary built with -g under gdb to obtain a better 
stack trace.



Repeat-By:
Hard to reproduce. The crashes happen just before returning to the 
prompt, but it's not deterministic. I strongly suspect heap corruption.


--
 _ // Bernie Innocenti
 \X/  http://codewiz.org