Hi,
we've got a report that ksh (all recent versions) crashes with one user's script.
Unfortunately we can't get that complex script, so the original reporter is
trying to simplify it now. The only information we have is a backtrace (this one
is from 2010-06-21, but it seems there are no changes in the latest beta that
should affect this crash):
#0 nv_hasdisc (np=0x182b1b40, dp=0x4d3dc0) at ksh93/sh/nvdisc.c:747
#1 nv_outnode (np=0x182f99b0, out=0x72fa00, indent=-1, special=0) at
ksh93/sh/nvtree.c:595
#2 print_value (iop=0x72fa00, np=0x182f99b0, tp=<value optimized out>) at
ksh93/bltins/typeset.c:424
#3 print_namval (file=0x72fa00, np=0x182f99b0, flag=0, tp=0x7fff01ec0a80) at
ksh93/bltins/typeset.c:1123
#4 print_scan (file=0x72fa00, flag=0, root=0x182f2260, option=0,
tp=0x7fff01ec0a80) at ksh93/bltins/typeset.c:1216
#5 b_set (argc=1, argv=0x1830cf70, extra=0x7313a8) at
ksh93/bltins/typeset.c:933
#6 sh_exec (t=0x1830cf10, flags=133) at ksh93/sh/xec.c:1088
#7 sh_exec (t=0x1830cf80, flags=4) at ksh93/sh/xec.c:1447
#8 sh_exec (t=0x1830d080, flags=5) at ksh93/sh/xec.c:1607
#9 sh_subshell (t=0x1830d080, flags=5, comsub=1) at ksh93/sh/subshell.c:559
#10 comsubst (mp=0x180360f0, t=0x1830d080, type=1) at ksh93/sh/macro.c:2007
#11 copyto (mp=0x180360f0, endch=0, newquote=<value optimized out>) at
ksh93/sh/macro.c:586
#12 sh_macexpand (shp=0x730e60, argp=0x181baa90, arghead=0x7fff01ec2288,
flag=0) at ksh93/sh/macro.c:235
#13 arg_expand (shp=0x730e60, nargs=0x7fff01ec27fc, comptr=0xfefefefefefefeff,
flag=0) at ksh93/sh/args.c:867
#14 sh_argbuild (shp=0x730e60, nargs=0x7fff01ec27fc, comptr=0xfefefefefefefeff,
flag=0) at ksh93/sh/args.c:728
#15 sh_exec (t=0x181baa50, flags=4) at ksh93/sh/xec.c:777
#16 sh_exec (t=0x181bbd90, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#17 sh_funscope (argn=<value optimized out>, argv=0x1830cdd8, fun=0,
arg=0x7fff01ec30a0, execflg=4) at ksh93/sh/xec.c:2752
#18 sh_funct (shp=0x730e60, np=0x181c6730, argn=2, argv=0x1830cdd8,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#19 sh_exec (t=0x181e09e0, flags=4) at ksh93/sh/xec.c:1218
#20 sh_exec (t=0x181e0ae0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#21 sh_exec (t=0x181e0990, flags=4) at ksh93/sh/xec.c:1955
#22 sh_exec (t=0x181e1fa0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#23 sh_funscope (argn=<value optimized out>, argv=0x1830cca8, fun=0,
arg=0x7fff01ec49f0, execflg=4) at ksh93/sh/xec.c:2752
#24 sh_funct (shp=0x730e60, np=0x181e5ba0, argn=2, argv=0x1830cca8,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#25 sh_exec (t=0x181e3240, flags=4) at ksh93/sh/xec.c:1218
#26 sh_exec (t=0x181e37b0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#27 sh_exec (t=0x181e2990, flags=4) at ksh93/sh/xec.c:1849
#28 sh_exec (t=0x181e38b0, flags=4) at ksh93/sh/xec.c:1500
#29 sh_exec (t=0x181e39b0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#30 sh_funscope (argn=<value optimized out>, argv=0x1830c918, fun=0,
arg=0x7fff01ec68d0, execflg=4) at ksh93/sh/xec.c:2752
#31 sh_funct (shp=0x730e60, np=0x181e5d20, argn=2, argv=0x1830c918,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#32 sh_exec (t=0x181e4800, flags=4) at ksh93/sh/xec.c:1218
#33 sh_exec (t=0x181e55f0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#34 sh_funscope (argn=<value optimized out>, argv=0x1830c808, fun=0,
arg=0x7fff01ec7700, execflg=4) at ksh93/sh/xec.c:2752
#35 sh_funct (shp=0x730e60, np=0x1818a060, argn=1, argv=0x1830c808,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#36 sh_exec (t=0x1811ce90, flags=4) at ksh93/sh/xec.c:1218
#37 sh_exec (t=0x1811cfc0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#38 sh_exec (t=0x182b1b40, flags=5062080) at ksh93/sh/xec.c:1914
#39 sh_exec (t=0x1811e8b0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#40 sh_funscope (argn=<value optimized out>, argv=0x18302f50, fun=0,
arg=0x7fff01ec9050, execflg=6) at ksh93/sh/xec.c:2752
#41 sh_funct (shp=0x730e60, np=0x18172ae0, argn=2, argv=0x18302f50,
envlist=0x0, execflg=6) at ksh93/sh/xec.c:2835
#42 sh_exec (t=0x18302ed0, flags=6) at ksh93/sh/xec.c:1218
#43 sh_exec (t=0x182b1b40, flags=5062080) at ksh93/sh/xec.c:1914
#44 sh_funscope (argn=<value optimized out>, argv=0x1830c6a8, fun=0,
arg=0x7fff01ec9e80, execflg=4) at ksh93/sh/xec.c:2752
#45 sh_funct (shp=0x730e60, np=0x1804cbc0, argn=1, argv=0x1830c6a8,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#46 sh_exec (t=0x1814dde0, flags=4) at ksh93/sh/xec.c:1218
#47 sh_exec (t=0x1814f210, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#48 sh_exec (t=0x182b1b40, flags=5062080) at ksh93/sh/xec.c:1914
#49 sh_exec (t=0x182b1b40, flags=5062080) at ksh93/sh/xec.c:1914
#50 sh_exec (t=0x181504d0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#51 sh_exec (t=0x1814ccc0, flags=<value optimized out>) at ksh93/sh/xec.c:1770
#52 sh_exec (t=0x182b1b40, flags=5062080) at ksh93/sh/xec.c:1914
#53 sh_funscope (argn=<value optimized out>, argv=0x18040568, fun=0,
arg=0x7fff01ecc880, execflg=4) at ksh93/sh/xec.c:2752
#54 sh_funct (shp=0x730e60, np=0x18173a90, argn=3, argv=0x18040568,
envlist=0x0, execflg=4) at ksh93/sh/xec.c:2835
#55 sh_exec (t=0x1806ddd0, flags=4) at ksh93/sh/xec.c:1218
#56 sh_exec (t=0x1806df20, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#57 sh_exec (t=0x1806e230, flags=133) at ksh93/sh/xec.c:1500
#58 sh_exec (t=0x1806e250, flags=4) at ksh93/sh/xec.c:1447
#59 sh_exec (t=0x1806e360, flags=4) at ksh93/sh/xec.c:1607
#60 sh_exec (t=0x180711f0, flags=<value optimized out>) at ksh93/sh/xec.c:1650
#61 sh_funscope (argn=<value optimized out>, argv=0x18040508, fun=0,
arg=0x7fff01ececf0, execflg=5) at ksh93/sh/xec.c:2752
#62 sh_funct (shp=0x730e60, np=0x18075290, argn=2, argv=0x18040508,
envlist=0x0, execflg=5) at ksh93/sh/xec.c:2835
#63 sh_exec (t=0x18040480, flags=37) at ksh93/sh/xec.c:1218
#64 exfile ()
I've tried to catch the problematic place sooner using debug code, so I've
added a call to the following function as the first line of nv_putval,
nv_outnode and sh_exec (it is a simplified version of the first lines of print_scan):
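/*
 * Forward declaration: absdebug_checkall names the callback before its
 * definition appears, and an undeclared identifier cannot be passed as a
 * function pointer.
 */
void absdebug_checkone(Namval_t *np, void *notused);

/*
 * Debug probe: hands the interpreter's top-level variable tree to nv_scan
 * with absdebug_checkone as the per-node callback, so that every node's
 * discipline chain is touched.
 *
 * NOTE(review): the probe is described as running on entry to nv_putval,
 * nv_outnode and sh_exec. Whether nv_scan may safely run while another
 * operation on the same tree is in progress is not visible here; confirm
 * that before attributing a crash seen with the probe enabled to the
 * original bug rather than to the probe itself.
 */
void absdebug_checkall(void)
{
	struct tdata tdata;

	/* Zero every field first; only sh and prefix are set explicitly. */
	memset(&tdata, 0, sizeof(tdata));
	tdata.sh = sh_getinterp();
	tdata.prefix = 0;
	nv_scan(tdata.sh->var_tree, absdebug_checkone, (void *)&tdata, 0, 0);
}

/*
 * Per-node callback for absdebug_checkall (the author describes it as a
 * modified check_dist).  Follows np->nvfun through ->next and reads each
 * entry's disc pointer.
 *
 * The read is meant to fault on a corrupted chain.  It does so only when fp
 * itself points at unmapped memory; a stale pointer into memory that is
 * still mapped passes silently, so a clean run does not prove the chain is
 * intact.
 *
 * np:      node whose discipline chain is walked.
 * notused: scan context supplied by the caller; ignored.
 */
void absdebug_checkone(Namval_t *np, void *notused)
{
	Namfun_t *fp;

	(void)notused;	/* discard explicitly; the original cast to void* had no effect */

	for (fp = np->nvfun; fp; fp = fp->next) {
		/* Plain null test instead of an ordered pointer-vs-integer comparison. */
		if (fp->disc) {
			/*
			 * Gives the branch a body so the load of fp->disc is kept.
			 * Spelled __asm__ so it also builds in strict ISO modes,
			 * where plain `asm` is not a keyword.
			 */
			__asm__ __volatile__("nop");
		}
	}
}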
but it makes ksh crash like this:
#0 __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:106 -- compares sp with dp,
where sp==NULL ->crash
#1 nv_compare (dict=0x20369b0, sp=0x0, dp=0x2037228, disc=0x76e900) at
ksh93/sh/nvdisc.c:35
#2 dttree (dt=0x20369b0, obj=0x2036e00, type=2) at
/usr/src/debug/ksh-20100701/src/lib/libast/cdt/dttree.c:171
#3 nv_delete (np=0x2036e00, root=0x20369b0, flags=0) at ksh93/sh/name.c:1094
#4 array_putval (np=0x2036740, string=0x0, flags=0, dp=0x20367d0) at
ksh93/sh/array.c:540
#5 nv_putv (np=0x2036740, value=0x0, flags=0, nfp=0x0) at ksh93/sh/nvdisc.c:143
#6 _nv_unset (np=0x2036740, flags=0) at ksh93/sh/name.c:2263
#7 b_unall (argc=2, argv=0x201fbf0, troot=0x2021220, shp=0x773c80) at
ksh93/bltins/typeset.c:1065
#8 b_unset (argc=2, argv=0x0, extra=0x7741c8) at ksh93/bltins/typeset.c:976
#9 sh_exec (t=0x201fb60, flags=4) at ksh93/sh/xec.c:1251
#10 exfile ()
#11 sh_main ()
#12 main (argc=2, argv=0x7fffaecddaa8) at ksh93/sh/pmain.c:46
Did I miss something obvious that explains why the code I've added above should crash ksh?
Regards,
Michal Hlavinka