#42 zsh.exe crash

open
nobody
None
5
2008-04-21
2008-04-21
Anonymous
No

Hi,

I am facing a problem during shell script execution using zsh.exe.

During my shell script execution (which is specific to our product), all of a sudden zsh.exe is crashing in the fmalloc function (defined in fork.c).

With the information available in the crash report and using the zsh.map file, the point of crash happens in the fork.c code at the given line -

/* remove from linked list */
__nextf[bucket] = __nextf[bucket]->ov_next;

The address stored in __nextf[bucket] is out of process space and it leads to an access violation. This address is equal to the MAGIC number and its value is
0xFD000000. I am suspecting that somehow the hash calculation is causing a problem. The overhead union is used for two purposes in fork.c -
If the next block is free, then __nextf[bucket] always gives the next free block address.
If the next block is used, then __nextf[bucket] contains information about the current used block index and a MAGIC number 0xFD.

So the overhead union is represented by the following declaration -

typedef unsigned char U_char;      /* typedef as used by fork.c */

union overhead {
    union overhead *ov_next;       /* when free: next free block */
    struct {
        U_char ovu_magic;          /* when used: magic number (0xFD) */
        U_char ovu_index;          /* when used: bucket # */
    } ovu;
};

Please help me if someone else is observing a crash in zsh.exe during a malloc call.
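The failure the post describes, a free-list head that turns out to hold the bytes of an in-use header (MAGIC included) and is then dereferenced by the pop, can be reproduced in miniature. The C program below is an added example written for this page; it is not the poster's code and not zsh's fork.c. It reuses the union and the MAGIC value from the post, models the heap as a small arena with a free-list head array named nextf (the arena, that name, bsd_alloc() and the stale re-insertion scenario are assumptions of the example), and shows a freelist_check() walk that validates each pointer against the arena before following it, which is the check to run ahead of the faulting `__nextf[bucket] = __nextf[bucket]->ov_next` when chasing this kind of corruption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the fork.c free-list header from the post. Only the
 * union layout (ov_next / ovu_magic / ovu_index) and MAGIC 0xFD come from the
 * post; arena[], nextf[], bsd_alloc() and the scenarios are assumptions of
 * this example, not zsh's code. */
#define MAGIC   0xFD
#define NBLOCKS 16

typedef unsigned char U_char;
union overhead {
    union overhead *ov_next;   /* when free: next free block in this bucket */
    struct {
        U_char ovu_magic;      /* when in use: MAGIC */
        U_char ovu_index;      /* when in use: bucket number */
    } ovu;
};

static union overhead arena[NBLOCKS];     /* stand-in for the heap */
static union overhead *nextf[8];          /* free-list heads, like __nextf[] */
static uintptr_t g_bad_head;              /* set by scenario_stale_header() */

/* Thread every block of the arena onto one bucket's free list. */
void arena_reset(int bucket) {
    memset(arena, 0, sizeof arena);
    memset(nextf, 0, sizeof nextf);
    for (int i = NBLOCKS - 1; i >= 0; i--) {
        arena[i].ov_next = nextf[bucket];
        nextf[bucket] = &arena[i];
    }
}

/* Raw pop mirroring "remove from linked list" in fork.c: the head is
 * dereferenced without validation. The header is cleared before stamping so
 * the in-use bytes are deterministic in this model. */
union overhead *bsd_alloc(int bucket) {
    union overhead *op = nextf[bucket];
    if (op == NULL) return NULL;
    nextf[bucket] = op->ov_next;          /* faults if op is not a real block */
    op->ov_next = NULL;
    op->ovu.ovu_magic = MAGIC;
    op->ovu.ovu_index = (U_char)bucket;
    return op;
}

/* Is p a properly aligned header inside the arena? */
int in_arena(const union overhead *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    uintptr_t hi = (uintptr_t)(arena + NBLOCKS);
    return a >= lo && a < hi && (a - lo) % sizeof(union overhead) == 0;
}

/* Does any byte of the value equal MAGIC? True for an in-use header read as
 * a pointer, whatever the byte order of the machine. */
int pointer_has_magic_byte(uintptr_t v) {
    for (unsigned i = 0; i < sizeof v; i++)
        if (((v >> (8 * i)) & 0xFF) == MAGIC) return 1;
    return 0;
}

/* Validate a bucket's free list before anything dereferences it. Returns the
 * number of free blocks, or -1 at the first entry that is not a valid arena
 * header (the condition the post reports) or when the list loops. */
int freelist_check(int bucket) {
    int n = 0;
    for (union overhead *op = nextf[bucket]; op != NULL; op = op->ov_next)
        if (!in_arena(op) || ++n > NBLOCKS) return -1;
    return n;
}

/* Healthy case: two allocations leave NBLOCKS - 2 blocks on the list. */
int scenario_healthy(void) {
    arena_reset(3);
    bsd_alloc(3);
    bsd_alloc(3);
    return freelist_check(3);
}

/* Failure case: an in-use block goes back on the list without its header being
 * rewritten (a double free or stale pointer). The next pop copies its MAGIC and
 * index bytes into nextf[3] as if they were a pointer; the pop after that
 * would dereference them, which is the faulting line in the post. */
int scenario_stale_header(void) {
    arena_reset(3);
    union overhead *op = bsd_alloc(3);    /* header is now MAGIC, 3 */
    nextf[3] = op;                        /* stale re-insertion */
    (void)bsd_alloc(3);                   /* nextf[3] = op->ov_next: header bytes */
    g_bad_head = (uintptr_t)nextf[3];
    return freelist_check(3);             /* -1: head is not an arena address */
}

int main(void) {
    int rc;
    printf("healthy list: %d free blocks\n", scenario_healthy());
    rc = scenario_stale_header();
    printf("stale header: check=%d head=0x%llx magic byte present=%d\n", rc,
           (unsigned long long)g_bad_head, pointer_has_magic_byte(g_bad_head));
    return 0;
}
```

Where the magic byte lands in the bogus pointer depends on the machine's byte order and on which header bytes were last stamped, so when comparing a crash address against the header, compare against the raw bytes of a known in-use header rather than a fixed constant. A freelist_check() style walk placed before the pop turns the access violation into a detectable condition at the first corrupt entry, which is usually much closer to the bug than the eventual fault.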
