#286 2.0.20: SIGSEGV in event_pending

Milestone: For_2.0
Status: closed-works-for-me
Owner: nobody
Priority: 5
Updated: 2012-08-28
Created: 2012-08-28
Creator: Anonymous
Private: No

2.0.20 will crash the whole tmux server on pressing certain keys like Esc. 2.0.19 was fine.

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007feeccf5cfb7 in event_pending (ev=0x1be53f8, event=1, tv=0x0) at event.c:1849
1849 EVBASE_ACQUIRE_LOCK(ev->ev_base, th_base_lock);
(gdb) bt
#0 0x00007feeccf5cfb7 in event_pending (ev=0x1be53f8, event=1, tv=0x0) at event.c:1849
#1 0x000000000043e92f in tty_keys_next (tty=0x1be5338) at tty-keys.c:546
#2 0x00000000004401e1 in tty_read_callback (bufev=0x1bf1d90, data=0x1be5338) at tty.c:177
#3 0x00007feeccf68872 in _bufferevent_run_readcb (bufev=bufev@entry=0x1bf1d90) at bufferevent.c:232
#4 0x00007feeccf69a26 in bufferevent_readcb (fd=6, event=<optimized out>, arg=0x1bf1d90) at bufferevent_sock.c:183
#5 0x00007feeccf602c5 in event_persist_closure (ev=0x1bf1da0, base=0x1bba720) at event.c:1297
#6 event_process_active_single_queue (activeq=0x1bba6e0, base=0x1bba720) at event.c:1341
#7 event_process_active (base=<optimized out>) at event.c:1416
#8 event_base_loop (base=0x1bba720, flags=1) at event.c:1617
#9 0x00007feeccf605b9 in event_loop (flags=<optimized out>) at event.c:1529
#10 0x0000000000433860 in server_loop () at server.c:212
#11 0x0000000000433844 in server_start (lockfd=6, lockfile=0x1bbb050 "") at server.c:203
#12 0x0000000000404cbd in client_connect (path=0x68b700 <socket_path> "/tmp/tmux-1000/default", start_server=1) at client.c:124
#13 0x0000000000404f64 in client_main (argc=4, argv=0x7fff1286a830, flags=1) at client.c:220
#14 0x000000000043e0d2 in main (argc=4, argv=0x7fff1286a830) at tmux.c:404

Discussion

  • Nick Mathewson
    2012-08-28

    What's the output of "print *ev" when this stack trace occurs? Does tmux enable pthreads support in libevent before this point or not?


  • Anonymous
    2012-08-28

    (gdb) print *ev
    $1 = {ev_active_next = {tqe_next = 0x0, tqe_prev = 0x0},
          ev_next = {tqe_next = 0x0, tqe_prev = 0x0},
          ev_timeout_pos = {ev_next_with_common_timeout = {tqe_next = 0x0, tqe_prev = 0x0}, min_heap_idx = 0},
          ev_fd = 0, ev_base = 0x0,
          _ev = {ev_io = {ev_io_next = {tqe_next = 0x0, tqe_prev = 0x0}, ev_timeout = {tv_sec = 0, tv_usec = 0}},
                 ev_signal = {ev_signal_next = {tqe_next = 0x0, tqe_prev = 0x0}, ev_ncalls = 0, ev_pncalls = 0x0}},
          ev_events = 0, ev_res = 0, ev_flags = 0, ev_pri = 0 '\000', ev_closure = 0 '\000',
          ev_timeout = {tv_sec = 0, tv_usec = 0}, ev_callback = 0x0, ev_arg = 0x0}

    About pthreads… no idea, but given the nature of tmux, I guess yes.

  • Nick Mathewson
    2012-08-28

    Okay, that's not an event. That's just a hunk of memory that is set to 0. It's only legal to call event_pending() on an actual event that's been initialized with event_set(), event_new(), or event_assign().

    As a tmux bug fix, try changing the code to say: "(event_initialized(ev) && event_pending(ev))" instead of "event_pending(ev)".

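Added example, not code from this ticket, from libevent or from tmux: a minimal C model of the structures involved, reproducing the diagnosis and the fix above. In libevent 2.0, event_initialized() reduces to a test of the EVLIST_INIT bit (0x80) in ev_flags, which event_set()/event_assign()/event_new() set; the `print *ev` dump above shows ev_flags = 0 and ev_base = 0x0, so the guard rejects the event and event_pending() never reaches EVBASE_ACQUIRE_LOCK(ev->ev_base, th_base_lock). The struct and function names mirror libevent's, but only the fields needed here are modelled, the modelled event_pending() returns -1 where the real one dereferences NULL, and struct tty_model / key_timer are hypothetical stand-ins for tmux's tty structure and its key timer.

```c
/* Added example modelling the crash and the fix from this ticket.  NOT libevent
 * or tmux code: struct event / struct event_base carry only the fields needed
 * here; struct tty_model and key_timer are hypothetical stand-ins for tmux. */
#include <stdio.h>
#include <string.h>

#define EV_TIMEOUT      0x01
#define EVLIST_TIMEOUT  0x01
#define EVLIST_INIT     0x80   /* bit set by event_assign()/event_new() in libevent 2.0 */

struct event_base {            /* modelled: only the lock the crash site touches */
    int th_base_lock;
};

struct event {                 /* modelled subset of libevent's struct event */
    struct event_base *ev_base;
    short ev_events;
    short ev_flags;
};

/* Model of libevent's event_initialized(): true only once EVLIST_INIT is set. */
static int event_initialized(const struct event *ev)
{
    return (ev->ev_flags & EVLIST_INIT) != 0;
}

/* Model of event_assign(): binds the event to a base and marks it initialized. */
static void event_assign(struct event *ev, struct event_base *base, short events)
{
    ev->ev_base = base;
    ev->ev_events = events;
    ev->ev_flags = EVLIST_INIT;
}

/* Model of adding a timer: libevent records it with EVLIST_TIMEOUT. */
static void event_add(struct event *ev)
{
    ev->ev_flags |= EVLIST_TIMEOUT;
}

/* Model of event_pending() down to event.c:1849 in the backtrace, whose first
 * act is EVBASE_ACQUIRE_LOCK(ev->ev_base, th_base_lock).  In real libevent a
 * NULL ev_base is a SIGSEGV; the model returns -1 so the faulty call can be
 * observed instead of killing the process. */
static int event_pending(const struct event *ev, short what)
{
    if (ev->ev_base == NULL)
        return -1;                               /* real libevent: segfault here */
    int lock = ev->ev_base->th_base_lock;        /* the dereference that faulted */
    (void)lock;
    if ((what & EV_TIMEOUT) && (ev->ev_flags & EVLIST_TIMEOUT))
        return EV_TIMEOUT;
    return 0;
}

/* A struct event embedded in a larger, zero-filled structure, as in the
 * `print *ev` dump above (every field 0, ev_base = 0x0). */
struct tty_model {
    int fd;
    struct event key_timer;
};

/* The call as it stood in tty_keys_next(): no guard. */
int key_timer_pending_unguarded(const struct event *ev)
{
    return event_pending(ev, EV_TIMEOUT);
}

/* Nick Mathewson's suggestion: ask libevent only about an initialized event. */
int key_timer_pending_guarded(const struct event *ev)
{
    return event_initialized(ev) && event_pending(ev, EV_TIMEOUT);
}

int demo_zeroed_unguarded(void)
{
    struct tty_model tty;
    memset(&tty, 0, sizeof tty);                 /* ev_flags = 0, ev_base = NULL */
    return key_timer_pending_unguarded(&tty.key_timer);  /* -1: would have crashed */
}

int demo_zeroed_guarded(void)
{
    struct tty_model tty;
    memset(&tty, 0, sizeof tty);
    return key_timer_pending_guarded(&tty.key_timer);    /* 0: never dereferences */
}

int demo_armed_guarded(void)
{
    struct event_base base = { 0 };
    struct tty_model tty;
    memset(&tty, 0, sizeof tty);
    event_assign(&tty.key_timer, &base, EV_TIMEOUT);
    event_add(&tty.key_timer);
    return key_timer_pending_guarded(&tty.key_timer);    /* EV_TIMEOUT: timer is live */
}

int main(void)
{
    printf("zeroed, unguarded: %d\n", demo_zeroed_unguarded());
    printf("zeroed, guarded:   %d\n", demo_zeroed_guarded());
    printf("armed,  guarded:   %d\n", demo_armed_guarded());
    return 0;
}
```

One caveat for anyone applying the same guard elsewhere: event_initialized() is only trustworthy here because the memory was zero-filled, as the dump shows. On uninitialized stack or malloc'd memory the 0x80 bit can be set by chance and the guard will pass. The more robust fix is to event_set()/event_assign() the timer when the owning structure is created, so that every struct event libevent is ever asked about has been initialized, and to treat the guard as a belt-and-braces check rather than the primary defence.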

  • Anonymous
    2012-08-28

    No more crashes anymore, indeed. Thanks!

  • Nick Mathewson
    2012-08-28

    • status: open --> closed-works-for-me
  • Nick Mathewson
    2012-08-28

    Glad to hear it! I see that you've reported it to the tmux people, with a patch; I'll close this ticket then.