From: "Fabian Rast" <fabian.rast@tum.de>
To: <dash@vger.kernel.org>
Subject: [PATCH] main.c: obviously initialize smark
Date: Tue, 06 Jan 2026 16:34:27 +0100 [thread overview]
Message-ID: <DFHM744ATISY.1T8SIZ5DGCL1C@tum.de> (raw)
[-- Attachment #1: Type: text/plain, Size: 2065 bytes --]
Otherwise an optimizing compiler (with LTO) might conclude that an
undefined value is used in the popstackmark call in the setjmp handler,
causing undefined behavior.
---
src/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.c b/src/main.c
index 5d25b8d..1ab8c04 100644
--- a/src/main.c
+++ b/src/main.c
@@ -105,6 +105,7 @@ main(int argc, char **argv)
#endif
setlocale(LC_ALL, "");
+ setstackmark(&smark);
state = 0;
if (unlikely(setjmp(main_handler.loc))) {
@@ -149,7 +150,6 @@ main(int argc, char **argv)
#endif
mypid = rootpid = getpid();
init();
- setstackmark(&smark);
login = procargs(argv);
if (login) {
state = 1;
--
2.52.0
Hello,
I discovered this bug in a full LTO build of dash, where
triggering a longjmp using Ctrl-C caused a crash.
Reproduction, depends on compiler...
tmp $ clang --version
clang version 21.1.8 (AerynOS)
Target: x86_64-aerynos-linux
Thread model: posix
InstalledDir: /usr/bin
tmp $ git clone https://git.kernel.org/pub/scm/utils/dash/dash.git
tmp 0$ cd dash
dash $ ./autogen.sh
dash $ CC=clang CFLAGS='-O2 -flto=full' LDFLAGS=-flto=full ./configure --enable-glob --with-libedit
dash $ make
dash $ ./src/dash
$ sleep 10
^C
free(): invalid pointer
The process was killed by SIGABRT: Aborted
As far as I understand, what is happening is that in the full LTO
configuration, clang deduces that if the setjmp condition is true,
smark is still undefined, causing undefined behavior.
Of course, due to how setjmp works, the condition is _never_ true before
smark is initialized, but clang does not realize this.
I figured the optimal solution would be to move the initialization
before the setjmp if statement.
As far as I can see this should not cause other problems, although
moving the call before the `init()` feels weird
- i would love your opinon on this!
The other option would be to just zero initialize smark, but this
would be redundant in all practical executions.
Best Regards,
Fabian Rast
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next reply other threads:[~2026-01-06 15:40 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 15:34 Fabian Rast [this message]
2026-01-28 4:51 ` [PATCH] main.c: obviously initialize smark Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DFHM744ATISY.1T8SIZ5DGCL1C@tum.de \
--to=fabian.rast@tum.de \
--cc=dash@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox