Thanks - applied to OpenBSD will be in git soon.
On Fri, Apr 11, 2014 at 09:28:13PM +0200, Julien Rebetez wrote:
> The fix works for me !
> Thank you
>
> On Fri, Apr 11, 2014 at 9:10 PM, Nicholas Marriott
> <nicholas.marri...@gmail.com> wrote:
> > It doesn't crash for me, but this does:
> >
> > tmux setb $(perl -e "print \"x\"x1042")
> >
> > Please try this fix (also fixes some other similar things):
> >
> >
> > diff --git a/arguments.c b/arguments.c
> > index d4e5e53..fd656b1 100644
> > --- a/arguments.c
> > +++ b/arguments.c
> > @@ -125,7 +125,7 @@ args_free(struct args *args)
> > size_t
> > args_print(struct args *args, char *buf, size_t len)
> > {
> > - size_t off;
> > + size_t off, used;
> > int i;
> > const char *quotes;
> > struct args_entry *entry;
> > @@ -165,9 +165,12 @@ args_print(struct args *args, char *buf, size_t len)
> > quotes = "\"";
> > else
> > quotes = "";
> > - off += xsnprintf(buf + off, len - off, "%s-%c %s%s%s",
> > + used = xsnprintf(buf + off, len - off, "%s-%c %s%s%s",
> > off != 0 ? " " : "", entry->flag, quotes, entry->value,
> > quotes);
> > + if (used > len - off)
> > + used = len - off;
> > + off += used;
> > }
> >
> > /* And finally the argument vector. */
> > @@ -181,8 +184,11 @@ args_print(struct args *args, char *buf, size_t len)
> > quotes = "\"";
> > else
> > quotes = "";
> > - off += xsnprintf(buf + off, len - off, "%s%s%s%s",
> > + used = xsnprintf(buf + off, len - off, "%s%s%s%s",
> > off != 0 ? " " : "", quotes, args->argv[i], quotes);
> > + if (used > len - off)
> > + used = len - off;
> > + off += used;
> > }
> >
> > return (off);
> > diff --git a/cmd-list.c b/cmd-list.c
> > index 08e2067..7ef8d1c 100644
> > --- a/cmd-list.c
> > +++ b/cmd-list.c
> > @@ -103,7 +103,7 @@ size_t
> > cmd_list_print(struct cmd_list *cmdlist, char *buf, size_t len)
> > {
> > struct cmd *cmd;
> > - size_t off;
> > + size_t off, used;
> >
> > off = 0;
> > TAILQ_FOREACH(cmd, &cmdlist->list, qentry) {
> > @@ -112,8 +112,12 @@ cmd_list_print(struct cmd_list *cmdlist, char *buf,
> > size_t len)
> > off += cmd_print(cmd, buf + off, len - off);
> > if (off >= len)
> > break;
> > - if (TAILQ_NEXT(cmd, qentry) != NULL)
> > - off += xsnprintf(buf + off, len - off, " ; ");
> > + if (TAILQ_NEXT(cmd, qentry) != NULL) {
> > + used = xsnprintf(buf + off, len - off, " ; ");
> > + if (used > len - off)
> > + used = len - off;
> > + off += used;
> > + }
> > }
> > return (off);
> > }
> > diff --git a/window-copy.c b/window-copy.c
> > index 9aaf554..42b81d2 100644
> > --- a/window-copy.c
> > +++ b/window-copy.c
> > @@ -1194,8 +1194,8 @@ window_copy_write_line(
> > screen_write_puts(ctx, &gc, "%s", hdr);
> > } else if (py == last && data->inputtype != WINDOW_COPY_OFF) {
> > limit = sizeof hdr;
> > - if (limit > screen_size_x(s))
> > - limit = screen_size_x(s);
> > + if (limit > screen_size_x(s) + 1)
> > + limit = screen_size_x(s) + 1;
> > if (data->inputtype == WINDOW_COPY_NUMERICPREFIX) {
> > xoff = size = xsnprintf(hdr, limit,
> > "Repeat: %u", data->numprefix);
> > @@ -1208,10 +1208,12 @@ window_copy_write_line(
> > } else
> > size = 0;
> >
> > - screen_write_cursormove(ctx, xoff, py);
> > - screen_write_copy(ctx, data->backing, xoff,
> > - (screen_hsize(data->backing) - data->oy) + py,
> > - screen_size_x(s) - size, 1);
> > + if (size < screen_size_x(s)) {
> > + screen_write_cursormove(ctx, xoff, py);
> > + screen_write_copy(ctx, data->backing, xoff,
> > + (screen_hsize(data->backing) - data->oy) + py,
> > + screen_size_x(s) - size, 1);
> > + }
> >
> > if (py == data->cy && data->cx == screen_size_x(s)) {
> > memcpy(&gc, &grid_default_cell, sizeof gc);
> >
> >
> >
> > On Fri, Apr 11, 2014 at 05:06:23PM +0200, Julien Rebetez wrote:
> >> I can still reproduce on tmux from git.
> >>
> >> Here is the gdb backtrace (once with 'bt full') from the core dump.
> >>
> >> Best regards,
> >> Julien
> >>
> >>
> >> On Fri, Apr 11, 2014 at 4:40 PM, Nicholas Marriott
> >> <nicholas.marri...@gmail.com> wrote:
> >> > Hi
> >> >
> >> > tmux doesn't crash for me, please try to build tmux from git and see if
> >> > you can still reproduce.
> >> >
> >> > If you can, please see if there is a core file and send me a backtrace
> >> > from gdb.
> >> >
> >> >
> >> > On Fri, Apr 11, 2014 at 04:30:54PM +0200, Julien Rebetez wrote:
> >> >> Hello,
> >> >> First, thanks for this wonderful software !
> >> >>
> >> >> I am using tslime[1] with a custom vim plugin [2] to copy/paste code
> >> >> from vim to an ipython session running in tmux. It's working great but
> >> >> sometimes, tmux crashes with "[lost server]".
> >> >>
> >> >> In the background, tslime use 'tmux set-buffer' to send text to tmux.
> >> >> It seems the crash is very dependent on the content of the buffer and
> >> >> it mostly happens with somewhat large buffers.
> >> >>
> >> >> I wrote a small script [3] that contains an example buffer that
> >> >> reproduces the crash.
> >> >>
> >> >> For example :
> >> >> $ ./crash_tmux.sh
> >> >> failed to connect to server: Connection refused
> >> >>
> >> >> If I remove (or add) one line from the buffer (for example the "if
> >> >> True" near the end), tmux doesn't crash anymore :
> >> >> # Modify crash_tmux.sh to remove the "if True" line
> >> >> $ ./crash_tmux.sh
> >> >> test: 1 windows (created Fri Apr 11 15:25:26 2014) [80x22]
> >> >>
> >> >> System informations :
> >> >> - tmux version : 1.9a
> >> >> - terminal emulator : gnome-terminal
> >> >> - $TERM : xterm-256color
> >> >> - OS : Ubuntu 13.10
> >> >>
> >> >> I also tried removing my .tmux.conf, but it doesn't help.
> >> >>
> >> >> Then, I checked out the git master and started a bisect. (see
> >> >> bisect.log on the gist [3] linked below). It seems the problem is
> >> >> introduced in this revision :
> >> >> http://sourceforge.net/p/tmux/tmux-code/ci/f8c86a9515ae863fcbc38769544be983ce494a3c
> >> >>
> >> >> So I tried commenting out the lines added by this commit and it
> >> >> appears line 217 of cmd-queue.c is the problem :
> >> >>
> >> >> cmd_print(cmdq->cmd, s, sizeof s);
> >> >>
> >> >> If i comment this line, the crash goes away ! Since this seems like
> >> >> those are debug statements, I'll try to run the patched tmux and I'll
> >> >> see if I get any more crashes in the next days.
> >> >>
> >> >> Best regards
> >> >> Julien
> >> >>
> >> >> [1] https://github.com/kikijump/tslime.vim
> >> >> [2] https://github.com/julienr/vimux-pyutils
> >> >> [3] https://gist.github.com/julienr/10470414
> >> >>
> >> >> ------------------------------------------------------------------------------
> >> >> Put Bad Developers to Shame
> >> >> Dominate Development with Jenkins Continuous Integration
> >> >> Continuously Automate Build, Test & Deployment
> >> >> Start a new project now. Try Jenkins in the cloud.
> >> >> http://p.sf.net/sfu/13600_Cloudbees
> >> >> _______________________________________________
> >> >> tmux-users mailing list
> >> >> tmux-users@lists.sourceforge.net
> >> >> https://lists.sourceforge.net/lists/listinfo/tmux-users
> >
> >> [New LWP 8918]
> >> [Thread debugging using libthread_db enabled]
> >> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> >> Core was generated by `/home/julien/programs/tmux-git/_install/bin/tmux
> >> new-session -d -s test -n test'.
> >> Program terminated with signal 6, Aborted.
> >> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> >> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> >> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> >> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> >> #1 0x00007fc5499545e8 in __GI_abort () at abort.c:90
> >> #2 0x00007fc54998e4fb in __libc_message (do_abort=do_abort@entry=1,
> >> fmt=fmt@entry=0x7fc549a9ff10 "*** %s ***: %s terminated\n") at
> >> ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> >> #3 0x00007fc549a2c08c in __GI___fortify_fail (msg=<optimized out>,
> >> msg@entry=0x7fc549a9fef8 "stack smashing detected") at fortify_fail.c:37
> >> #4 0x00007fc549a2c030 in __stack_chk_fail () at stack_chk_fail.c:28
> >> #5 0x000000000041016e in cmdq_continue (cmdq=0x1218a10) at cmd-queue.c:267
> >> #6 0x000000000040fd05 in cmdq_run (cmdq=0x1218a10, cmdlist=0x1220d60) at
> >> cmd-queue.c:176
> >> #7 0x00000000004362ea in server_client_msg_command (c=0x1222f40,
> >> imsg=0x7fffba5bfe20) at server-client.c:943
> >> #8 0x0000000000435e11 in server_client_msg_dispatch (c=0x1222f40) at
> >> server-client.c:836
> >> #9 0x000000000043476d in server_client_callback (fd=5, events=2,
> >> data=0x1222f40) at server-client.c:231
> >> #10 0x00007fc549f09f94 in event_base_loop () from
> >> /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
> >> #11 0x0000000000438fde in server_loop () at server.c:210
> >> #12 0x0000000000438fbd in server_start (lockfd=5, lockfile=0x121a650 "")
> >> at server.c:201
> >> #13 0x0000000000405ded in client_connect (path=0x692a60 <socket_path>
> >> "/tmp/tmux-1000/default", start_server=1) at client.c:130
> >> #14 0x00000000004060ff in client_main (argc=6, argv=0x7fffba5c3400,
> >> flags=65536) at client.c:238
> >> #15 0x0000000000443c5e in main (argc=6, argv=0x7fffba5c3400) at tmux.c:389
> >
> >> [New LWP 8918]
> >> [Thread debugging using libthread_db enabled]
> >> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> >> Core was generated by `/home/julien/programs/tmux-git/_install/bin/tmux
> >> new-session -d -s test -n test'.
> >> Program terminated with signal 6, Aborted.
> >> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> >> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> >> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> >> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> >> resultvar = 0
> >> pid = 8918
> >> selftid = 8918
> >> #1 0x00007fc5499545e8 in __GI_abort () at abort.c:90
> >> save_stage = 2
> >> act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction =
> >> 0x0}, sa_mask = {__val = {4569798, 140736319977008, 140736319976992,
> >> 4590425, 4590427, 140736319977464, 1234581650, 0, 0, 0, 0, 0, 0, 0, 0,
> >> 4294967295}}, sa_flags = 0, sa_restorer = 0xffffffff00000000}
> >> sigs = {__val = {32, 0 <repeats 15 times>}}
> >> #2 0x00007fc54998e4fb in __libc_message (do_abort=do_abort@entry=1,
> >> fmt=fmt@entry=0x7fc549a9ff10 "*** %s ***: %s terminated\n") at
> >> ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> >> ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area =
> >> 0x7fffba5bf8e0, reg_save_area = 0x7fffba5bf7f0}}
> >> ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
> >> 0x7fffba5bf8e0, reg_save_area = 0x7fffba5bf7f0}}
> >> fd = 2
> >> on_2 = <optimized out>
> >> list = <optimized out>
> >> nlist = <optimized out>
> >> cp = <optimized out>
> >> written = <optimized out>
> >> #3 0x00007fc549a2c08c in __GI___fortify_fail (msg=<optimized out>,
> >> msg@entry=0x7fc549a9fef8 "stack smashing detected") at fortify_fail.c:37
> >> do_abort = 1
> >> #4 0x00007fc549a2c030 in __stack_chk_fail () at stack_chk_fail.c:28
> >> No locals.
> >> #5 0x000000000041016e in cmdq_continue (cmdq=0x1218a10) at cmd-queue.c:267
> >> next = 0x0
> >> retval = CMD_RETURN_NORMAL
> >> empty = 1
> >> guard = 0
> >> flags = 0
> >> s = "set-buffer \"\"##\ndef laplacian_smoothing(verts, faces):\n
> >> \"\"\"\n Laplacian mesh smoothing\n
> >> http://en.wikipedia.org/wiki/Laplacian_smoothing\n\n Basically, each
> >> vertex is replaced by a weighted a"...
> >> #6 0x000000000040fd05 in cmdq_run (cmdq=0x1218a10, cmdlist=0x1220d60) at
> >> cmd-queue.c:176
> >> No locals.
> >> #7 0x00000000004362ea in server_client_msg_command (c=0x1222f40,
> >> imsg=0x7fffba5bfe20) at server-client.c:943
> >> data = {argc = 2}
> >> buf = 0x1235c94 "set-buffer"
> >> len = 1038
> >> cmdlist = 0x1220d60
> >> argc = 2
> >> argv = 0x1240440
> >> cause = 0x0
> >> __func__ = "server_client_msg_command"
> >> #8 0x0000000000435e11 in server_client_msg_dispatch (c=0x1222f40) at
> >> server-client.c:836
> >> imsg = {hdr = {type = 200, len = 1058, flags = 0, peerid = 8, pid
> >> = 4294967295}, fd = -1, data = 0x1235c90}
> >> stdindata = {size = 0, data = '\000' <repeats 7440 times>...}
> >> data = 0x1235c90 "\002"
> >> n = 1058
> >> datalen = 1042
> >> __func__ = "server_client_msg_dispatch"
> >> #9 0x000000000043476d in server_client_callback (fd=5, events=2,
> >> data=0x1222f40) at server-client.c:231
> >> c = 0x1222f40
> >> #10 0x00007fc549f09f94 in event_base_loop () from
> >> /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
> >> No symbol table info available.
> >> #11 0x0000000000438fde in server_loop () at server.c:210
> >> No locals.
> >> #12 0x0000000000438fbd in server_start (lockfd=5, lockfile=0x121a650 "")
> >> at server.c:201
> >> pair = {6, 7}
> >> tv = {tv_sec = 1, tv_usec = 0}
> >> cause = 0x6 <Address 0x6 out of bounds>
> >> __func__ = "server_start"
> >> #13 0x0000000000405ded in client_connect (path=0x692a60 <socket_path>
> >> "/tmp/tmux-1000/default", start_server=1) at client.c:130
> >> sa = {sun_family = 1, sun_path = "/tmp/tmux-1000/default", '\000'
> >> <repeats 85 times>}
> >> size = 22
> >> fd = 5
> >> lockfd = 5
> >> lockfile = 0x121a650 ""
> >> __func__ = "client_connect"
> >> #14 0x00000000004060ff in client_main (argc=6, argv=0x7fffba5c3400,
> >> flags=65536) at client.c:238
> >> cmd = 0x0
> >> cmdlist = 0x121a4d0
> >> data = 0x28282353
> >> cmdflags = 3
> >> fd = 1242818656
> >> i = 18981200
> >> ppid = 32709
> >> msg = MSG_COMMAND
> >> cause = 0x0
> >> tio = {c_iflag = 1313166917, c_oflag = 1330536276, c_cflag =
> >> 1280069456, c_lflag = 0, c_line = 1 '\001', c_cc =
> >> "\000\000\000T_NO\000\000\000\000\000\000\000\000\200!\\\272\377\177\000\000\020\361\357I\305\177\000\000",
> >> c_ispeed = 0, c_ospeed = 3126600080}
> >> saved_tio = {c_iflag = 4208704, c_oflag = 0, c_cflag = 1998626048,
> >> c_lflag = 4131902374, c_line = 0 '\000', c_cc = '\000' <repeats 15 times>,
> >> "\220!\\\272\377\177\000\000@8@\000\000\000\000", <incomplete sequence
> >> \360>, c_ispeed = 32767, c_ospeed = 0}
> >> size = 140736319987952
> >> #15 0x0000000000443c5e in main (argc=6, argv=0x7fffba5c3400) at tmux.c:389
> >> pw = 0x0
> >> s = 0x0
> >> path = 0x1219e30 "EVENT_NOEPOLL=1"
> >> label = 0x1219e10 ""
> >> var = 0x7fffba5c36f0
> >> tmp = "/home/julien", '\000' <repeats 780 times>...
> >> in = '\000' <repeats 255 times>
> >> home = 0x7fffba5c5ccf "/home/julien"
> >> pid = 0
> >> opt = -1
> >> flags = 65536
> >> quiet = 0
> >> keys = 1
> >> session = 0
> >
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
tmux-users mailing list
tmux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tmux-users
