From daveMail at getdave.com Tue May 6 17:29:49 2008 From: daveMail at getdave.com (David Ljung Madison) Date: Tue, 6 May 2008 07:29:49 -0700 (PDT) Subject: implicitcd bug Message-ID: http://davesource.com/Bugs/tcsh.2.html Incidentally, there are two other implicitcd bugs which I don't think have been fixed (though I don't know how far back Ubuntu is in the tcsh package) http://davesource.com/Bugs/tcsh.1.html Dave --------------------------------------------------------------------------- Dave Ljung Madison http://GetDave.com/ 415.341.5555 -- Don't drink don't smoke watchya gonna do? Must be something inside.. -- From carpetsmoker at rwxrwxrwx.net Wed May 14 09:49:11 2008 From: carpetsmoker at rwxrwxrwx.net (Martin Tournoij) Date: Wed, 14 May 2008 08:49:11 +0200 Subject: tcsh crashes when a certain command is entered Message-ID: <20080514064911.GA1184@rwxrwxrwx.net> Hi, On my FreeBSD 7-STABLE system tcsh crashes will crash and coredump when I enter this text: mysqldump -hmysql21.ixwebhosting.com -utEoti0_daemon -p --add-drop-table --add-locks --all --extended-insert --quick --compress -A > daemonforums-${date}.sql It will say "date: Undefined variable." and crash immediately afterwards or a few seconds later. Note that you will need to copy this line *exactly*, tcsh won't crash if I remove or add even a single character (even something like a trailing space). % tcsh --version tcsh 6.15.00 (Astron) 2007-03-03 (i386-intel-FreeBSD) options wide,nls,dl,al,kan,sm,rh,color,filec This is the version that comes with FreeBSD. When I run it with gdb I get: Program received signal SIGSEGV, Segmentation fault. 0x08068a9d in setq (name=0x8092ef4, vec=0x8109340, p=0x80a98c4, flags=2) at /usr/home/carpetsmoker/tcsh.src/csh/..//sh.set.c:695 The problem does not occur on FreeBSD 6.3. % tcsh --version tcsh 6.14.00 (Astron) 2005-03-25 (i386-intel-FreeBSD) options wide,nls,dl,al,kan,rh,color,filec Unfortunately my C skills are not very good, so no patch... :( -- Martin Tournoij carpetsmoker at rwxrwxrwx.net http://www.daemonforums.org This is a country where people are free to practice their religion, regardless of race, creed, color, obesity, or number of dangling keys... From jsquyres at cisco.com Wed May 14 14:18:02 2008 From: jsquyres at cisco.com (Jeff Squyres) Date: Wed, 14 May 2008 07:18:02 -0400 Subject: tcsh crashes when a certain command is entered In-Reply-To: <20080514064911.GA1184@rwxrwxrwx.net> References: <20080514064911.GA1184@rwxrwxrwx.net> Message-ID: <249C5522-4B75-4182-8651-458BDAFCDCF7@cisco.com> Could this have anything to do with the bug I reported a few months ago? http://mx.gw.com/pipermail/tcsh-bugs/2008-March/000557.html On May 14, 2008, at 2:49 AM, Martin Tournoij wrote: > Hi, > > On my FreeBSD 7-STABLE system tcsh crashes will crash and coredump > when I enter this text: > mysqldump -hmysql21.ixwebhosting.com -utEoti0_daemon -p --add-drop- > table --add-locks --all --extended-insert --quick --compress -A > > daemonforums-${date}.sql > > It will say "date: Undefined variable." and crash immediately > afterwards or a few seconds later. > Note that you will need to copy this line *exactly*, tcsh won't crash > if I remove or add even a single character (even something like a > trailing space). > > % tcsh --version > tcsh 6.15.00 (Astron) 2007-03-03 (i386-intel-FreeBSD) options > wide,nls,dl,al,kan,sm,rh,color,filec > > This is the version that comes with FreeBSD. > > When I run it with gdb I get: > Program received signal SIGSEGV, Segmentation fault. > 0x08068a9d in setq (name=0x8092ef4, vec=0x8109340, p=0x80a98c4, > flags=2) at /usr/home/carpetsmoker/tcsh.src/csh/..//sh.set.c:695 > > The problem does not occur on FreeBSD 6.3. > % tcsh --version > tcsh 6.14.00 (Astron) 2005-03-25 (i386-intel-FreeBSD) options > wide,nls,dl,al,kan,rh,color,filec > > Unfortunately my C skills are not very good, so no patch... :( > > -- > Martin Tournoij > carpetsmoker at rwxrwxrwx.net > http://www.daemonforums.org > > This is a country where people are free to practice their > religion, regardless of race, creed, color, obesity, or number of > dangling keys... > > _______________________________________________ > Tcsh-Bugs mailing list > Tcsh-Bugs at mx.gw.com > http://mx.gw.com/mailman/listinfo/tcsh-bugs -- Jeff Squyres Cisco Systems From carpetsmoker at rwxrwxrwx.net Wed May 14 14:38:56 2008 From: carpetsmoker at rwxrwxrwx.net (Martin Tournoij) Date: Wed, 14 May 2008 13:38:56 +0200 Subject: tcsh crashes when a certain command is entered In-Reply-To: <249C5522-4B75-4182-8651-458BDAFCDCF7@cisco.com> References: <20080514064911.GA1184@rwxrwxrwx.net> <249C5522-4B75-4182-8651-458BDAFCDCF7@cisco.com> Message-ID: <20080514113856.GA2033@rwxrwxrwx.net> On Wed, May 14, 2008 at 07:18:02AM -0400, Jeff Squyres wrote: > On May 14, 2008, at 2:49 AM, Martin Tournoij wrote: >> On my FreeBSD 7-STABLE system tcsh crashes will crash and coredump >> when I enter this text: >> mysqldump -hmysql21.ixwebhosting.com -utEoti0_daemon -p --add-drop-table --add-locks --all --extended-insert --quick --compress -A > daemonforums-${date}.sql > Could this have anything to do with the bug I reported a few months ago? > > http://mx.gw.com/pipermail/tcsh-bugs/2008-March/000557.html I don't think so ... I can't reproduce your problem with either tcsh 6.15 or 6.14 on FreeBSD... -- Martin Tournoij carpetsmoker at rwxrwxrwx.net http://www.daemonforums.org Sometimes a cigar is just a cigar. -- Sigmund Freud From christos at zoulas.com Wed May 14 21:14:11 2008 From: christos at zoulas.com (Christos Zoulas) Date: Wed, 14 May 2008 14:14:11 -0400 Subject: tcsh crashes when a certain command is entered In-Reply-To: <249C5522-4B75-4182-8651-458BDAFCDCF7@cisco.com> from Jeff Squyres (May 14, 7:18am) Message-ID: <20080514181411.1038856550@rebar.astron.com> On May 14, 7:18am, jsquyres at cisco.com (Jeff Squyres) wrote: -- Subject: Re: tcsh crashes when a certain command is entered | Could this have anything to do with the bug I reported a few months ago? | | http://mx.gw.com/pipermail/tcsh-bugs/2008-March/000557.html | I think this is different. I think it has to do with variable evaluation in doio()/splicepipe() and that happening under vfork() and trashing the stack of the parent. It looks hard to fix. Yours looks more like a race condition. christos From christos at zoulas.com Wed May 14 23:10:01 2008 From: christos at zoulas.com (Christos Zoulas) Date: Wed, 14 May 2008 16:10:01 -0400 Subject: tcsh crashes when a certain command is entered In-Reply-To: <20080514064911.GA1184@rwxrwxrwx.net> from "Martin Tournoij" (May 14, 8:49am) Message-ID: <20080514201002.0189156550@rebar.astron.com> On May 14, 8:49am, carpetsmoker at rwxrwxrwx.net ("Martin Tournoij") wrote: -- Subject: tcsh crashes when a certain command is entered | Hi, | | On my FreeBSD 7-STABLE system tcsh crashes will crash and coredump | when I enter this text: | mysqldump -hmysql21.ixwebhosting.com -utEoti0_daemon -p --add-drop-table --add-locks --all --extended-insert --quick --compress -A > daemonforums-${date}.sql | | It will say "date: Undefined variable." and crash immediately | afterwards or a few seconds later. | Note that you will need to copy this line *exactly*, tcsh won't crash | if I remove or add even a single character (even something like a | trailing space). Yes, this is due to vfork() and the child process smashing the stack of the parent. Here's a fix. running tcsh -F avoids the problem too. christos Index: sh.dol.c =================================================================== RCS file: /p/tcsh/cvsroot/tcsh/sh.dol.c,v retrieving revision 3.73 diff -u -u -r3.73 sh.dol.c --- sh.dol.c 28 Feb 2008 22:13:20 -0000 3.73 +++ sh.dol.c 14 May 2008 20:08:24 -0000 @@ -138,7 +138,8 @@ static Char ** Dfix2(Char *const *v) { - struct blk_buf bb = BLK_BUF_INIT; + struct blk_buf *bb = bb_alloc(); + Char **vec; Dvp = v; Dcp = STRNULL; /* Setup input vector for Dreadc */ @@ -146,12 +147,14 @@ unDredc(0); /* Clear out any old peeks (at error) */ dolp = 0; dolcnt = 0; /* Clear out residual $ expands (...) */ - cleanup_push(&bb, bb_cleanup); - while (Dword(&bb)) + cleanup_push(bb, bb_free); + while (Dword(bb)) continue; - cleanup_ignore(&bb); - cleanup_until(&bb); - return bb_finish(&bb); + cleanup_ignore(bb); + cleanup_until(bb); + vec = bb_finish(bb); + xfree(bb); + return vec; } /* @@ -199,18 +202,19 @@ Dword(struct blk_buf *bb) { eChar c, c1; - struct Strbuf wbuf = Strbuf_INIT; + struct Strbuf *wbuf = Strbuf_alloc(); int dolflg; int sofar = 0; + Char *str; - cleanup_push(&wbuf, Strbuf_cleanup); + cleanup_push(wbuf, Strbuf_free); for (;;) { c = DgetC(DODOL); switch (c) { case DEOF: if (sofar == 0) { - cleanup_until(&wbuf); + cleanup_until(wbuf); return (0); } /* finish this word and catch the code above the next time */ @@ -226,7 +230,7 @@ case '`': /* We preserve ` quotations which are done yet later */ - Strbuf_append1(&wbuf, (Char) c); + Strbuf_append1(wbuf, (Char) c); /*FALLTHROUGH*/ case '\'': case '"': @@ -240,11 +244,13 @@ c = DgetC(dolflg); if (c == c1) break; - if (c == '\n' || c == DEOF) + if (c == '\n' || c == DEOF) { + cleanup_until(bb); stderror(ERR_UNMATCHED, (int)c1); + } if ((c & (QUOTE | TRIM)) == ('\n' | QUOTE)) { - if (wbuf.len != 0 && (wbuf.s[wbuf.len - 1] & TRIM) == '\\') - wbuf.len--; + if (wbuf->len != 0 && (wbuf->s[wbuf->len - 1] & TRIM) == '\\') + wbuf->len--; } switch (c1) { @@ -253,17 +259,17 @@ * Leave any `s alone for later. Other chars are all * quoted, thus `...` can tell it was within "...". */ - Strbuf_append1(&wbuf, c == '`' ? '`' : c | QUOTE); + Strbuf_append1(wbuf, c == '`' ? '`' : c | QUOTE); break; case '\'': /* Prevent all further interpretation */ - Strbuf_append1(&wbuf, c | QUOTE); + Strbuf_append1(wbuf, c | QUOTE); break; case '`': /* Leave all text alone for later */ - Strbuf_append1(&wbuf, (Char) c); + Strbuf_append1(wbuf, (Char) c); break; default: @@ -271,9 +277,9 @@ } } if (c1 == '`') - Strbuf_append1(&wbuf, '`'); + Strbuf_append1(wbuf, '`'); sofar = 1; - if (Dpack(&wbuf) != 0) + if (Dpack(wbuf) != 0) goto end; continue; @@ -289,14 +295,16 @@ } unDgetC(c); sofar = 1; - if (Dpack(&wbuf) != 0) + if (Dpack(wbuf) != 0) goto end; } end: - cleanup_ignore(&wbuf); - cleanup_until(&wbuf); - bb_append(bb, Strbuf_finish(&wbuf)); + cleanup_ignore(wbuf); + cleanup_until(wbuf); + str = Strbuf_finish(wbuf); + bb_append(bb, str); + xfree(wbuf); return 1; } @@ -366,13 +374,13 @@ { Char *np; struct varent *vp = NULL; - struct Strbuf name = Strbuf_INIT; + struct Strbuf *name = Strbuf_alloc(); eChar c, sc; int subscr = 0, lwb = 1, upb = 0; int dimen = 0, bitset = 0, length = 0; static Char *dolbang = NULL; - cleanup_push(&name, Strbuf_cleanup); + cleanup_push(name, Strbuf_free); dolmod.len = dolmcnt = dol_flag_a = 0; c = sc = DgetC(0); if (c == DEOF) { @@ -396,14 +404,14 @@ xfree(dolbang); setDolp(dolbang = putn(backpid)); } - cleanup_until(&name); + cleanup_until(name); goto eatbrac; case '$': if (dimen || bitset || length) stderror(ERR_SYNTAX); setDolp(doldol); - cleanup_until(&name); + cleanup_until(name); goto eatbrac; case '<'|QUOTE: { @@ -471,13 +479,13 @@ fixDolMod(); setDolp(wbuf.s); /* Kept allocated until next $< expansion */ - cleanup_until(&name); + cleanup_until(name); goto eatbrac; } case '*': - Strbuf_append(&name, STRargv); - Strbuf_terminate(&name); + Strbuf_append(name, STRargv); + Strbuf_terminate(name); vp = adrof(STRargv); subscr = -1; /* Prevent eating [...] */ break; @@ -487,8 +495,8 @@ np = dimen ? STRargv : (bitset ? STRstatus : NULL); if (np) { bitset = 0; - Strbuf_append(&name, np); - Strbuf_terminate(&name); + Strbuf_append(name, np); + Strbuf_terminate(name); vp = adrof(np); subscr = -1; /* Prevent eating [...] */ unDredc(c); @@ -513,7 +521,7 @@ if (subscr == 0) { if (bitset) { dolp = dolzero ? STR1 : STR0; - cleanup_until(&name); + cleanup_until(name); goto eatbrac; } if (ffile == 0) @@ -526,7 +534,7 @@ fixDolMod(); setDolp(ffile); } - cleanup_until(&name); + cleanup_until(name); goto eatbrac; } #if 0 @@ -538,7 +546,7 @@ vp = adrof(STRargv); if (vp == 0) { vp = &nulargv; - cleanup_until(&name); + cleanup_until(name); goto eatmod; } break; @@ -547,8 +555,8 @@ np = dimen ? STRargv : (bitset ? STRstatus : NULL); if (np) { bitset = 0; - Strbuf_append(&name, np); - Strbuf_terminate(&name); + Strbuf_append(name, np); + Strbuf_terminate(name); vp = adrof(np); subscr = -1; /* Prevent eating [...] */ unDredc(c); @@ -558,52 +566,52 @@ stderror(ERR_VARALNUM); } for (;;) { - Strbuf_append1(&name, (Char) c); + Strbuf_append1(name, (Char) c); c = DgetC(0); if (c == DEOF || !alnum(c)) break; } - Strbuf_terminate(&name); + Strbuf_terminate(name); unDredc(c); - vp = adrof(name.s); + vp = adrof(name->s); } if (bitset) { - dolp = (vp || getenv(short2str(name.s))) ? STR1 : STR0; - cleanup_until(&name); + dolp = (vp || getenv(short2str(name->s))) ? STR1 : STR0; + cleanup_until(name); goto eatbrac; } if (vp == NULL || vp->vec == NULL) { - np = str2short(getenv(short2str(name.s))); + np = str2short(getenv(short2str(name->s))); if (np) { static Char *env_val; /* = NULL; */ - cleanup_until(&name); + cleanup_until(name); fixDolMod(); xfree(env_val); env_val = Strsave(np); setDolp(env_val); goto eatbrac; } - udvar(name.s); + udvar(name->s); /* NOTREACHED */ } - cleanup_until(&name); + cleanup_until(name); c = DgetC(0); upb = blklen(vp->vec); if (dimen == 0 && subscr == 0 && c == '[') { - name = Strbuf_init; - cleanup_push(&name, Strbuf_cleanup); - np = name.s; + name = Strbuf_alloc(); + cleanup_push(name, Strbuf_free); + np = name->s; for (;;) { c = DgetC(DODOL); /* Allow $ expand within [ ] */ if (c == ']') break; if (c == '\n' || c == DEOF) stderror(ERR_INCBR); - Strbuf_append1(&name, (Char) c); + Strbuf_append1(name, (Char) c); } - Strbuf_terminate(&name); - np = name.s; + Strbuf_terminate(name); + np = name->s; if (dolp || dolcnt) /* $ exp must end before ] */ stderror(ERR_EXPORD); if (!*np) @@ -614,7 +622,7 @@ for (i = 0; Isdigit(*np); i = i * 10 + *np++ - '0') continue; if (i < 0 || i > upb) { - cleanup_until(&name); + cleanup_until(name); dolerror(vp->v_name); return; } @@ -635,7 +643,7 @@ while (Isdigit(*np)) i = i * 10 + *np++ - '0'; if (i < 0 || i > upb) { - cleanup_until(&name); + cleanup_until(name); dolerror(vp->v_name); return; } @@ -647,7 +655,7 @@ } if (lwb == 0) { if (upb != 0) { - cleanup_until(&name); + cleanup_until(name); dolerror(vp->v_name); return; } @@ -655,7 +663,7 @@ } if (*np) stderror(ERR_SYNTAX); - cleanup_until(&name); + cleanup_until(name); } else { if (subscr > 0) { Index: tc.decls.h =================================================================== RCS file: /p/tcsh/cvsroot/tcsh/tc.decls.h,v retrieving revision 3.63 diff -u -u -r3.63 tc.decls.h --- tc.decls.h 14 Feb 2006 14:07:36 -0000 3.63 +++ tc.decls.h 14 May 2008 20:08:24 -0000 @@ -1,4 +1,4 @@ -/* $Header: /p/tcsh/cvsroot/tcsh/tc.decls.h,v 3.63 2006/02/14 14:07:36 christos Exp $ */ +/* $Header: /src/pub/tcsh/tc.decls.h,v 3.63 2006/02/14 14:07:36 christos Exp $ */ /* * tc.decls.h: Function declarations from all the tcsh modules */ @@ -294,10 +294,13 @@ #endif extern char *short2qstr (const Char *); +extern struct blk_buf *bb_alloc (void); extern void bb_append (struct blk_buf *, Char *); extern void bb_cleanup (void *); extern Char **bb_finish (struct blk_buf *); +extern void bb_free (void *); +extern struct strbuf *strbuf_alloc(void); extern void strbuf_terminate(struct strbuf *); extern void strbuf_append1(struct strbuf *, char); extern void strbuf_appendn(struct strbuf *, const char *, @@ -305,6 +308,8 @@ extern void strbuf_append (struct strbuf *, const char *); extern char *strbuf_finish (struct strbuf *); extern void strbuf_cleanup(void *); +extern void strbuf_free(void *); +extern struct Strbuf *Strbuf_alloc(void); extern void Strbuf_terminate(struct Strbuf *); extern void Strbuf_append1(struct Strbuf *, Char); extern void Strbuf_appendn(struct Strbuf *, const Char *, @@ -312,6 +317,7 @@ extern void Strbuf_append (struct Strbuf *, const Char *); extern Char *Strbuf_finish (struct Strbuf *); extern void Strbuf_cleanup(void *); +extern void Strbuf_free(void *); /* Index: tc.str.c =================================================================== RCS file: /p/tcsh/cvsroot/tcsh/tc.str.c,v retrieving revision 3.26 diff -u -u -r3.26 tc.str.c --- tc.str.c 2 Mar 2006 18:46:45 -0000 3.26 +++ tc.str.c 14 May 2008 20:08:24 -0000 @@ -490,6 +490,12 @@ return (sdst); } +struct blk_buf * +bb_alloc() +{ + return xcalloc(1, sizeof(struct blk_buf)); +} + static void bb_store(struct blk_buf *bb, Char *str) { @@ -522,6 +528,13 @@ xfree(bb->vec); } +void +bb_free(void *bb) +{ + bb_cleanup(bb); + xfree(bb); +} + Char ** bb_finish(struct blk_buf *bb) { @@ -530,6 +543,13 @@ } #define DO_STRBUF(STRBUF, CHAR, STRLEN) \ + \ +struct STRBUF * \ +STRBUF##_alloc(void) \ +{ \ + return xcalloc(1, sizeof(struct STRBUF)); \ +} \ + \ static void \ STRBUF##_store1(struct STRBUF *buf, CHAR c) \ { \ @@ -593,6 +613,13 @@ xfree(buf->s); \ } \ \ +void \ +STRBUF##_free(void *xbuf) \ +{ \ + STRBUF##_cleanup(xbuf); \ + xfree(xbuf); \ +} \ + \ const struct STRBUF STRBUF##_init /* = STRBUF##_INIT; */ DO_STRBUF(strbuf, char, strlen); From carpetsmoker at rwxrwxrwx.net Fri May 16 00:35:47 2008 From: carpetsmoker at rwxrwxrwx.net (Martin Tournoij) Date: Thu, 15 May 2008 23:35:47 +0200 Subject: tcsh crashes when a certain command is entered In-Reply-To: <20080514201002.0189156550@rebar.astron.com> References: <20080514064911.GA1184@rwxrwxrwx.net> <20080514201002.0189156550@rebar.astron.com> Message-ID: <20080515213547.GA3760@rwxrwxrwx.net> On Wed, May 14, 2008 at 04:10:01PM -0400, Christos Zoulas wrote: > On May 14, 8:49am, carpetsmoker at rwxrwxrwx.net ("Martin Tournoij") wrote: > -- Subject: tcsh crashes when a certain command is entered > > | Hi, > | > | On my FreeBSD 7-STABLE system tcsh crashes will crash and coredump > | when I enter this text: > | mysqldump -hmysql21.ixwebhosting.com -utEoti0_daemon -p --add-drop-table --add-locks --all --extended-insert --quick --compress -A > daemonforums-${date}.sql > | > | It will say "date: Undefined variable." and crash immediately > | afterwards or a few seconds later. > | Note that you will need to copy this line *exactly*, tcsh won't crash > | if I remove or add even a single character (even something like a > | trailing space). > > Yes, this is due to vfork() and the child process smashing the stack > of the parent. Here's a fix. running tcsh -F avoids the problem too. > > christos > > [ patch snipped ] Great, I tested the patch and it solves the issue. Thank you. -- Martin Tournoij carpetsmoker at rwxrwxrwx.net http://www.daemonforums.org I went to a Grateful Dead Concert and they played for SEVEN hours. Great song. -- Fred Reuss From per at hedeland.org Wed May 21 15:54:45 2008 From: per at hedeland.org (Per Hedeland) Date: Wed, 21 May 2008 14:54:45 +0200 (CEST) Subject: Spelling correction bug in 6.15.00 Message-ID: <200805211254.m4LCsjZh015412@pluto.hedeland.org> See below (note that the command has the same name as the directory it's in) - also in 6.15.01, but not in 6.14.00. I could probably dig it out myself with some effort, but in case someone can see the fix without digging and/or effort... --Per Hedeland mars 44> pwd /tmp/foo mars 45> echo $path /usr/local/bin /bin /usr/bin . mars 46> echo $correct cmd mars 47> cp /usr/bin/true foo mars 48> ./foo CORRECT>../foo (y|n|e|a)? yes ../foo: Permission denied. mars 49> set path = ( /usr/local/bin /bin /usr/bin ) mars 50> ./foo mars 51>