Bug#1004645: rc: Tab complete leads to crash on some (e.g. empty) lines
On 02.06.22 at 14:18, Nils Dagsson Moskopp wrote:
> Bernhard Übelacker <bernhardu@mailbox.org> writes:
>> Maybe you could try again with installing valgrind and starting rc like this:
>>     valgrind rc
>
> I did this and then pressed tab on an empty line and got the following:
>
> --- snip ---
> ==6292== Invalid free() / delete / delete[] / realloc()
> ==6292== at 0x4837867: free (in /usr/lib/i386-linux-gnu/valgrind/vgpreload_memcheck-x86-linux.so)
> ==6292== by 0x1134BF: ??? (in /usr/bin/rc.byron)
> ==6292== by 0x118B7C: ??? (in /usr/bin/rc.byron)
> ==6292== by 0x118473: ??? (in /usr/bin/rc.byron)
> ==6292== by 0x488B775: rl_completion_matches (in /lib/i386-linux-gnu/libreadline.so.8.1)
> --- snap ---
>
> When invoked under valgrind, rc did not crash after this output.

Hello Nils,

it took some time, but finally I found that one trigger to
reproduce this is having some files without the execute bit
set in a directory in the path environment.
Unfortunately my minimal test VM had no such file in the first place.
With such a file I could reproduce it, also with
a current testing amd64 system.

The issue is that the Debian patch [1] added an efree call
that also gets reached if the previous efree call a few lines before
already got executed.

I created a merge request [2] with a small modification to this,
to avoid the double free.
In the upstream bug tracker, this issue [3] got opened for it.

Kind regards,
Bernhard
[1] https://sources.debian.org/patches/rc/1.7.4+97.gceb59bb-4/0005-Fix-uninitialized-variable-error.patch/
[2] https://salsa.debian.org/bernhardu-guest/rc/-/merge_requests/1
[3] https://github.com/rakitzis/rc/issues/75
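
The double-free pattern described in the message above, as an added example that is not rc's code, the Debian patch, or the merge request: a hypothetical completion step releases its path buffer early for a non-executable file and then reaches a second release. The function names, the sample path and the counting stand-in for efree are assumptions made for illustration, and clearing the pointer is one common fix, not necessarily the one in [2].

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for rc's efree(): tracks one allocation and counts a
   second release of it instead of performing it (real free() is deferred). */
static void *block;
static int released, double_frees;

static void *track_alloc(size_t n) { released = 0; return block = malloc(n); }
static void track_free(void *p) {
    if (p == NULL) return;                      /* like free(NULL): no-op */
    if (p == block && released) { double_frees++; return; }
    released = 1;
}

/* Hypothetical completion step: build "dir/name" and reject non-executables.
   hardened == 0 models the bug: the cleanup release follows the early one. */
static int try_candidate(const char *dir, const char *name,
                         int is_executable, int hardened) {
    size_t n = strlen(dir) + strlen(name) + 2;
    char *path = track_alloc(n);
    int match = 0;
    if (path == NULL) return 0;
    snprintf(path, n, "%s/%s", dir, name);
    if (!is_executable) {
        track_free(path);                       /* early release on reject */
        if (hardened) path = NULL;              /* fix: drop the stale pointer */
    } else {
        match = 1;
    }
    track_free(path);                           /* cleanup release added later */
    return match;
}

/* Number of double frees observed while handling one PATH entry. */
static int count_double_frees(int is_executable, int hardened) {
    double_frees = 0;
    try_candidate("/usr/local/bin", "notes.txt", is_executable, hardened);
    free(block); block = NULL;                  /* the one real release */
    return double_frees;
}

int main(void) {
    printf("buggy, non-executable file: %d\n", count_double_frees(0, 0));
    printf("buggy, executable file:     %d\n", count_double_frees(1, 0));
    printf("fixed, non-executable file: %d\n", count_double_frees(0, 1));
    return 0;
}
```

The executable-file case stays clean even in the unhardened variant, which matches the report that a system without non-executable files in the path did not reproduce the crash.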