Dr. Werner Fink
2014-04-07 12:25:36 UTC
Hi,
I've the following problem which had beem boiled down from a huge
script ...
start script eso_boot.mod.sh with
#!/bin/ksh
. ./environ.mod
and the environ.mod file with
f() {
:
}
unset -f f
msg=`echo xx`
echo $msg
now this crashes on some virtual systems as well as on some
AMD x86_64 cpu's and show on all systems that there are done
sfclose() and free() twice on the same pointer even if not
allocated nor sfopen/sfnew'ed.
To be able to debug this I've switched over to _AST_std_malloc
as well as _map_malloc set to 1.
I found that in src/cmd/ksh93/sh/name.c there is a double free()
due sfclose() run twice on slp->slptr in _nv_unset() if
flags&NV_TABLE is true.
Then in src/cmd/ksh93/sh/macro.c : comsubst() the stream sp which
is sfclosed and freed will be lateron freed in sh_eval_20120720()
with the function call sh_freeup(shp) ...
Beside this in sh_eval_20120720() there is also in the loop
while(jmpval==0) a double sfclose(iop) even this does not cause
a double free().
Currently I use the attached patch to avoid those crashes but
AFAICS this does not survive the test suite in all points:
[ 486s] test builtin_poll begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7594: Memory fault
[ 486s] test builtin_poll failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 486s] test builtin_poll(C.UTF-8) begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7598: Memory fault
[ 486s] test builtin_poll(C.UTF-8) failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 486s] test builtin_poll(shcomp) begins at 2014-04-07+11:39:58
[ 486s] shtests: line 354: 7602: Memory fault
[ 486s] test builtin_poll(shcomp) failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 523s] test comvario begins at 2014-04-07+11:40:35
[ 525s] test comvario passed at 2014-04-07+11:40:37 [ 74 tests 0 errors ]
[ 525s] test comvario(C.UTF-8) begins at 2014-04-07+11:40:37
[ 525s] shtests[333]: eval: line 1: 8939: Memory fault
[ 525s] test comvario(C.UTF-8) failed at 2014-04-07+11:40:37 with exit code 267 [ 74 tests 267 errors ]
[ 525s] test comvario(shcomp) begins at 2014-04-07+11:40:37
[ 525s] shtests: line 354: 8951: Memory fault
[ 525s] test comvario(shcomp) failed at 2014-04-07+11:40:37 with exit code 267 [ 74 tests 267 errors ]
[ 623s] test io begins at 2014-04-07+11:42:15
[ 635s] test io passed at 2014-04-07+11:42:27 [ 99 tests 0 errors ]
[ 635s] test io(C.UTF-8) begins at 2014-04-07+11:42:27
[ 647s] test io(C.UTF-8) passed at 2014-04-07+11:42:39 [ 99 tests 0 errors ]
[ 647s] test io(shcomp) begins at 2014-04-07+11:42:39
[ 647s] test io(shcomp) failed at 2014-04-07+11:42:39 with exit code 269 [ 99 tests 269 errors ]
[ 1087s] test types begins at 2014-04-07+11:49:59
[ 1087s] test types passed at 2014-04-07+11:49:59 [ 118 tests 0 errors ]
[ 1087s] test types(C.UTF-8) begins at 2014-04-07+11:49:59
[ 1087s] test types(C.UTF-8) passed at 2014-04-07+11:49:59 [ 118 tests 0 errors ]
[ 1087s] test types(shcomp) begins at 2014-04-07+11:49:59
[ 1087s] shcomp-types.ksh[708]: z.out should be foo f 123
[ 1087s] test types(shcomp) failed at 2014-04-07+11:49:59 with exit code 1 [ 118 tests 1 error ]
the error with io(shcomp) I've seen also with _AST_std_malloc = 0 and
without my attached patch.
Sidemark: IMHO the memory and sfio managment in ksh is lacking a fault checker
Werner
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: x
Type: text/x-patch
Size: 1156 bytes
Desc: workaround.patch
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20140407/3d81bde3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20140407/3d81bde3/attachment.sig>
I've the following problem which had beem boiled down from a huge
script ...
start script eso_boot.mod.sh with
#!/bin/ksh
. ./environ.mod
and the environ.mod file with
f() {
:
}
unset -f f
msg=`echo xx`
echo $msg
now this crashes on some virtual systems as well as on some
AMD x86_64 cpu's and show on all systems that there are done
sfclose() and free() twice on the same pointer even if not
allocated nor sfopen/sfnew'ed.
To be able to debug this I've switched over to _AST_std_malloc
as well as _map_malloc set to 1.
I found that in src/cmd/ksh93/sh/name.c there is a double free()
due sfclose() run twice on slp->slptr in _nv_unset() if
flags&NV_TABLE is true.
Then in src/cmd/ksh93/sh/macro.c : comsubst() the stream sp which
is sfclosed and freed will be lateron freed in sh_eval_20120720()
with the function call sh_freeup(shp) ...
Beside this in sh_eval_20120720() there is also in the loop
while(jmpval==0) a double sfclose(iop) even this does not cause
a double free().
Currently I use the attached patch to avoid those crashes but
AFAICS this does not survive the test suite in all points:
[ 486s] test builtin_poll begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7594: Memory fault
[ 486s] test builtin_poll failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 486s] test builtin_poll(C.UTF-8) begins at 2014-04-07+11:39:58
[ 486s] shtests[333]: eval: line 1: 7598: Memory fault
[ 486s] test builtin_poll(C.UTF-8) failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 486s] test builtin_poll(shcomp) begins at 2014-04-07+11:39:58
[ 486s] shtests: line 354: 7602: Memory fault
[ 486s] test builtin_poll(shcomp) failed at 2014-04-07+11:39:58 with exit code 267 [ 27 tests 267 errors ]
[ 523s] test comvario begins at 2014-04-07+11:40:35
[ 525s] test comvario passed at 2014-04-07+11:40:37 [ 74 tests 0 errors ]
[ 525s] test comvario(C.UTF-8) begins at 2014-04-07+11:40:37
[ 525s] shtests[333]: eval: line 1: 8939: Memory fault
[ 525s] test comvario(C.UTF-8) failed at 2014-04-07+11:40:37 with exit code 267 [ 74 tests 267 errors ]
[ 525s] test comvario(shcomp) begins at 2014-04-07+11:40:37
[ 525s] shtests: line 354: 8951: Memory fault
[ 525s] test comvario(shcomp) failed at 2014-04-07+11:40:37 with exit code 267 [ 74 tests 267 errors ]
[ 623s] test io begins at 2014-04-07+11:42:15
[ 635s] test io passed at 2014-04-07+11:42:27 [ 99 tests 0 errors ]
[ 635s] test io(C.UTF-8) begins at 2014-04-07+11:42:27
[ 647s] test io(C.UTF-8) passed at 2014-04-07+11:42:39 [ 99 tests 0 errors ]
[ 647s] test io(shcomp) begins at 2014-04-07+11:42:39
[ 647s] test io(shcomp) failed at 2014-04-07+11:42:39 with exit code 269 [ 99 tests 269 errors ]
[ 1087s] test types begins at 2014-04-07+11:49:59
[ 1087s] test types passed at 2014-04-07+11:49:59 [ 118 tests 0 errors ]
[ 1087s] test types(C.UTF-8) begins at 2014-04-07+11:49:59
[ 1087s] test types(C.UTF-8) passed at 2014-04-07+11:49:59 [ 118 tests 0 errors ]
[ 1087s] test types(shcomp) begins at 2014-04-07+11:49:59
[ 1087s] shcomp-types.ksh[708]: z.out should be foo f 123
[ 1087s] test types(shcomp) failed at 2014-04-07+11:49:59 with exit code 1 [ 118 tests 1 error ]
the error with io(shcomp) I've seen also with _AST_std_malloc = 0 and
without my attached patch.
Sidemark: IMHO the memory and sfio managment in ksh is lacking a fault checker
Werner
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: x
Type: text/x-patch
Size: 1156 bytes
Desc: workaround.patch
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20140407/3d81bde3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20140407/3d81bde3/attachment.sig>