* git 2.2.2 annotate crash (strbuf.c:32)
@ 2015-02-08 21:33 Dilyan Palauzov
2015-02-09 1:28 ` Jeff King
0 siblings, 1 reply; 7+ messages in thread
From: Dilyan Palauzov @ 2015-02-08 21:33 UTC (permalink / raw)
To: git
Hello,
I use git 2.2.2 and on my system git annotate crashed with the following
log.
Kind regards
Dilyan
(gdb) bt full
#0 0x00007fe420649655 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007fe42064aad8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007fe42068928b in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007fe42068ee36 in malloc_printerr () from /lib64/libc.so.6
No symbol table info available.
#4 0x00007fe42068fbb3 in _int_free () from /lib64/libc.so.6
No symbol table info available.
#5 0x000000000041335a in strbuf_release (sb=0x7fff44797480) at strbuf.c:32
sb = 0x7fff44797480
#6 commit_info_destroy (ci=0x7fff447973e0) at builtin/blame.c:1646
No locals.
#7 find_alignment (option=0x7e8220 <output_option>, sb=0x7fff447972f0)
at builtin/blame.c:2117
suspect = 0xd71230
ci = {
author = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
author_mail = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
author_time = 959115099,
author_tz = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
committer = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
committer_mail = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
committer_time = 959115099,
committer_tz = {
alloc = 0,
len = 0,
buf = 0x810540 <strbuf_slopbuf> ""
},
summary = {
alloc = 26,
len = 25,
buf = 0xe05b50 <incomplete sequence \330>
}
}
num = <optimized out>
longest_src_lines = 13
largest_score = 175
e = 0xd45c80
longest_dst_lines = 12
compute_auto_abbrev = 1
auto_abbrev = 7
#8 cmd_blame (argc=<optimized out>, argv=<optimized out>,
prefix=prefix@entry=0x0) at builtin/blame.c:2797
revs = {
commits = 0xd222a0,
pending = {
nr = 0,
alloc = 0,
objects = 0x0
},
boundary_commits = {
nr = 0,
alloc = 0,
objects = 0x0
},
cmdline = {
nr = 0,
alloc = 0,
rev = 0x0
},
ref_excludes = 0x0,
prefix = 0x0,
def = 0x0,
prune_data = {
_raw = 0x0,
nr = 0,
has_wildcard = 0,
recursive = 0,
magic = 0,
max_depth = 0,
items = 0x0
},
sort_order = REV_SORT_IN_GRAPH_ORDER,
early_output = 0,
ignore_missing = 0,
ignore_missing_links = 0,
dense = 1,
prune = 0,
no_walk = 0,
show_all = 0,
remove_empty_trees = 0,
simplify_history = 1,
topo_order = 0,
simplify_merges = 0,
simplify_by_decoration = 0,
tag_objects = 0,
tree_objects = 0,
blob_objects = 0,
verify_objects = 0,
edge_hint = 0,
limited = 0,
unpacked = 0,
boundary = 0,
count = 0,
left_right = 0,
left_only = 0,
right_only = 0,
rewrite_parents = 0,
print_parents = 0,
show_source = 0,
show_decorations = 0,
reverse = 0,
reverse_output_stage = 0,
cherry_pick = 0,
cherry_mark = 0,
bisect = 0,
ancestry_path = 0,
first_parent_only = 0,
line_level_traverse = 0,
diff = 0,
full_diff = 0,
show_root_diff = 0,
no_commit_id = 0,
verbose_header = 0,
ignore_merges = 1,
combine_merges = 0,
dense_combined_merges = 0,
always_show_header = 0,
shown_one = 0,
shown_dashes = 0,
show_merge = 0,
show_notes = 0,
show_notes_given = 0,
show_signature = 0,
pretty_given = 0,
abbrev_commit = 0,
abbrev_commit_given = 0,
use_terminator = 0,
missing_newline = 0,
date_mode_explicit = 0,
preserve_subject = 0,
disable_stdin = 1,
leak_pending = 0,
track_linear = 0,
track_first_time = 0,
linear = 0,
date_mode = DATE_ISO8601,
abbrev = 7,
commit_format = CMIT_FMT_MEDIUM,
loginfo = 0x0,
nr = 0,
total = 0,
mime_boundary = 0x0,
patch_suffix = 0x0,
numbered_files = 0,
reroll_count = 0,
message_id = 0x0,
from_ident = {
name_begin = 0x0,
name_end = 0x0,
mail_begin = 0x0,
mail_end = 0x0,
date_begin = 0x0,
date_end = 0x0,
tz_begin = 0x0,
tz_end = 0x0
},
ref_message_ids = 0x0,
add_signoff = 0,
extra_headers = 0x0,
log_reencode = 0x0,
subject_prefix = 0x0,
no_inline = 0,
show_log_size = 0,
mailmap = 0x0,
grep_filter = {
pattern_list = 0x0,
pattern_tail = 0x7fff44797918,
header_list = 0x0,
header_tail = 0x7fff44797928,
pattern_expression = 0x0,
prefix = 0x0,
prefix_length = 0,
regexp = {
buffer = 0x0,
allocated = 0,
used = 0,
syntax = 0,
fastmap = 0x0,
translate = 0x0,
re_nsub = 0,
can_be_null = 0,
regs_allocated = 0,
fastmap_accurate = 0,
no_sub = 0,
not_bol = 0,
not_eol = 0,
newline_anchor = 0
},
linenum = 0,
invert = 0,
ignore_case = 0,
status_only = 1,
name_only = 0,
unmatch_name_only = 0,
count = 0,
word_regexp = 0,
fixed = 0,
all_match = 0,
debug = 0,
binary = 0,
allow_textconv = 0,
extended = 0,
use_reflog_filter = 0,
pcre = 0,
relative = 1,
pathname = 1,
null_following_name = 0,
color = -1,
max_depth = -1,
funcname = 0,
funcbody = 0,
extended_regexp_option = 0,
pattern_type_option = 0,
color_context = '\000' <repeats 39 times>,
color_filename = '\000' <repeats 39 times>,
color_function = '\000' <repeats 39 times>,
color_lineno = '\000' <repeats 39 times>,
color_match_context = "\033[1;31m", '\000' <repeats 32 times>,
color_match_selected = "\033[1;31m", '\000' <repeats 32
times>,
color_selected = '\000' <repeats 39 times>,
color_sep = "\033[36m", '\000' <repeats 34 times>,
regflags = 4,
pre_context = 0,
post_context = 0,
last_shown = 0,
show_hunk_mark = 0,
file_break = 0,
heading = 0,
priv = 0x0,
output = 0x0,
output_priv = 0x0
},
graph = 0x0,
skip_count = -1,
max_count = -1,
max_age = 18446744073709551615,
min_age = 18446744073709551615,
min_parents = 0,
max_parents = -1,
include_check = 0x0,
include_check_data = 0x0,
diffopt = {
orderfile = 0x0,
pickaxe = 0x0,
single_follow = 0x0,
a_prefix = 0x5a0f0e "a/",
b_prefix = 0x5a0f11 "b/",
flags = 2097408,
touched_flags = 6291840,
filter = 0,
use_color = -1,
context = 3,
interhunkcontext = 0,
break_opt = -1,
detect_rename = 0,
irreversible_delete = 0,
skip_stat_unmatch = 0,
line_termination = 10,
output_format = 0,
pickaxe_opts = 0,
rename_score = 0,
rename_limit = -1,
needed_rename_limit = 0,
degraded_cc_to_c = 0,
show_rename_progress = 0,
dirstat_permille = 30,
setup = 0,
abbrev = 7,
prefix = 0x0,
prefix_length = 0,
stat_sep = 0x0,
xdl_opts = 0,
stat_width = 0,
stat_name_width = 0,
stat_graph_width = 0,
stat_count = 0,
word_regex = 0x0,
word_diff = DIFF_WORDS_NONE,
found_changes = 0,
found_follow = 0,
set_default = 0x0,
file = 0x7fe4209be160 <_IO_2_1_stdout_>,
close_file = 0,
pathspec = {
_raw = 0x0,
nr = 0,
has_wildcard = 0,
recursive = 0,
magic = 0,
max_depth = 0,
items = 0x0
},
pathchange = 0x0,
change = 0x4ab165 <diff_change>,
add_remove = 0x4aaced <diff_addremove>,
format_callback = 0x0,
format_callback_data = 0x0,
output_prefix = 0x0,
output_prefix_length = 0,
output_prefix_data = 0x0,
diff_path_counter = 0
},
pruning = {
orderfile = 0x0,
pickaxe = 0x0,
single_follow = 0x0,
a_prefix = 0x0,
b_prefix = 0x0,
flags = 2049,
touched_flags = 2049,
filter = 0,
use_color = 0,
context = 0,
interhunkcontext = 0,
break_opt = 0,
detect_rename = 0,
irreversible_delete = 0,
skip_stat_unmatch = 0,
line_termination = 0,
output_format = 0,
pickaxe_opts = 0,
rename_score = 0,
rename_limit = 0,
needed_rename_limit = 0,
degraded_cc_to_c = 0,
show_rename_progress = 0,
dirstat_permille = 0,
setup = 0,
abbrev = 0,
prefix = 0x0,
prefix_length = 0,
stat_sep = 0x0,
xdl_opts = 0,
stat_width = 0,
stat_name_width = 0,
stat_graph_width = 0,
stat_count = 0,
word_regex = 0x0,
word_diff = DIFF_WORDS_NONE,
found_changes = 0,
found_follow = 0,
set_default = 0x0,
file = 0x0,
close_file = 0,
pathspec = {
_raw = 0x0,
nr = 0,
has_wildcard = 0,
recursive = 0,
magic = 0,
max_depth = 0,
items = 0x0
},
pathchange = 0x0,
change = 0x55b66c <file_change.lto_priv.974>,
add_remove = 0x55b640 <file_add_remove.lto_priv.973>,
format_callback = 0x0,
format_callback_data = 0x0,
output_prefix = 0x0,
output_prefix_length = 0,
output_prefix_data = 0x0,
diff_path_counter = 0
},
reflog_info = 0x0,
children = {
name = 0x0,
size = 0,
nr = 0,
hash = 0x0
},
merge_simplification = {
name = 0x0,
size = 0,
nr = 0,
hash = 0x0
},
treesame = {
name = 0x0,
size = 0,
nr = 0,
hash = 0x0
},
notes_opt = {
use_default_notes = -1,
extra_notes_refs = {
items = 0x0,
nr = 0,
alloc = 0,
strdup_strings = 0,
cmp = 0x0
}
},
count_left = 0,
count_right = 0,
count_same = 0,
line_log_data = {
name = 0x0,
size = 0,
nr = 0,
hash = 0x0
},
saved_parents_slab = 0x0,
previous_parents = 0x0,
break_bar = 0x0
}
path = <optimized out>
sb = {
final = 0xcdb260,
commits = {
compare = 0x4843a9 <compare_commits_by_commit_date>,
insertion_ctr = 4891,
cb_data = 0x0,
alloc = 24,
nr = 0,
array = 0xd2bc90
},
revs = 0x7fff447977e0,
path = 0xcd7910 "timsieved/parser.c",
final_buf = 0xd24a30 "/* parser.c -- parser used by
timsieved\n * Tim Martin\n * 9/21/99\n *\n * Copyright (c) 1994-2008
Carnegie Mellon University. All rights reserved.\n *\n * Redistribution
and use in source and binary forms"...,
final_buf_size = 24507,
ent = 0xd222c0,
num_lines = 984,
lineno = 0xd2aa00
}
o = <optimized out>
ent = <optimized out>
dashdash_pos = <optimized out>
lno = <optimized out>
final_commit_name = <optimized out>
type = OBJ_NONE
range_list = {
items = 0x0,
nr = 0,
alloc = 0,
strdup_strings = 0,
cmp = 0x0
}
output_option = 1
opt = 0
show_stats = 0
revs_file = 0x0
contents_from = 0x0
options = {{
type = OPTION_SET_INT,
short_name = 0,
long_name = 0x597660 "incremental",
value = 0x7e81bc <incremental>,
argh = 0x0,
help = 0x583a10 "Show blame entries as we find them,
incrementally",
flags = 2,
callback = 0x0,
defval = 1
}, {
type = OPTION_SET_INT,
short_name = 98,
long_name = 0x0,
value = 0x7e81ac <blank_boundary>,
argh = 0x0,
help = 0x583a48 "Show blank SHA-1 for boundary commits
(Default: off)",
flags = 2,
callback = 0x0,
defval = 1
}, {
type = OPTION_SET_INT,
short_name = 0,
long_name = 0x5ab91d "root",
value = 0x7e8194 <show_root>,
argh = 0x0,
help = 0x583a80 "Do not treat root commits as boundaries
(Default: off)",
flags = 2,
callback = 0x0,
defval = 1
}, {
type = OPTION_SET_INT,
short_name = 0,
long_name = 0x584f1e "show-stats",
value = 0x7e81b0 <show_stats>,
argh = 0x0,
help = 0x584f29 "Show work cost statistics",
flags = 2,
callback = 0x0,
defval = 1
}, {
type = OPTION_BIT,
short_name = 0,
long_name = 0x584f43 "score-debug",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583ab8 "Show output score for blame entries",
flags = 2,
callback = 0x0,
defval = 64
}, {
type = OPTION_BIT,
short_name = 102,
long_name = 0x584f4f "show-name",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583ae0 "Show original filename (Default: auto)",
flags = 2,
callback = 0x0,
defval = 16
}, {
type = OPTION_BIT,
short_name = 110,
long_name = 0x584f59 "show-number",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583b08 "Show original linenumber (Default: off)",
flags = 2,
callback = 0x0,
defval = 32
}, {
type = OPTION_BIT,
short_name = 112,
long_name = 0x5a0c9f "porcelain",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583b30 "Show in a format designed for machine
consumption",
flags = 2,
callback = 0x0,
defval = 8
}, {
type = OPTION_BIT,
short_name = 0,
long_name = 0x584f65 "line-porcelain",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583b68 "Show porcelain format with per-line commit
information",
flags = 2,
callback = 0x0,
defval = 520
}, {
type = OPTION_BIT,
short_name = 99,
long_name = 0x0,
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583ba0 "Use the same output mode as git-annotate
(Default: off)",
flags = 2,
callback = 0x0,
defval = 1
}, {
type = OPTION_BIT,
short_name = 116,
long_name = 0x0,
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583bd8 "Show raw timestamp (Default: off)",
flags = 2,
callback = 0x0,
defval = 4
}, {
type = OPTION_BIT,
short_name = 108,
long_name = 0x0,
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583c00 "Show long commit SHA1 (Default: off)",
flags = 2,
callback = 0x0,
defval = 2
}, {
type = OPTION_BIT,
short_name = 115,
long_name = 0x0,
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583c28 "Suppress author name and timestamp
(Default: off)",
flags = 2,
callback = 0x0,
defval = 128
}, {
type = OPTION_BIT,
short_name = 101,
long_name = 0x584f74 "show-email",
value = 0x7e8220 <output_option>,
argh = 0x0,
help = 0x583c60 "Show author email instead of name
(Default: off)",
flags = 2,
callback = 0x0,
defval = 256
}, {
type = OPTION_BIT,
short_name = 119,
long_name = 0x0,
value = 0x7e8190 <xdl_opts>,
argh = 0x0,
help = 0x584f7f "Ignore whitespace differences",
flags = 2,
callback = 0x0,
defval = 4
}, {
type = OPTION_BIT,
short_name = 0,
long_name = 0x5a2cf1 "minimal",
value = 0x7e8190 <xdl_opts>,
argh = 0x0,
help = 0x583c98 "Spend extra cycles to find better match",
flags = 2,
callback = 0x0,
defval = 2
}, {
type = OPTION_STRING,
short_name = 83,
long_name = 0x0,
value = 0x7e8228 <revs_file>,
argh = 0x5b272a "file",
help = 0x583cc0 "Use revisions from <file> instead of
calling git-rev-list",
flags = 0,
callback = 0x0,
defval = 0
}, {
type = OPTION_STRING,
short_name = 0,
long_name = 0x59b571 "contents",
value = 0x7e8200 <contents_from>,
argh = 0x5b272a "file",
help = 0x583d00 "Use <file>'s contents as the final image",
flags = 0,
callback = 0x0,
defval = 0
}, {
type = OPTION_CALLBACK,
short_name = 67,
long_name = 0x0,
value = 0x7e8210 <opt>,
argh = 0x584f9d "score",
help = 0x583d30 "Find line copies within and across files",
flags = 1,
callback = 0x408280 <blame_copy_callback>,
defval = 0
}, {
type = OPTION_CALLBACK,
short_name = 77,
long_name = 0x0,
value = 0x7e8210 <opt>,
argh = 0x584f9d "score",
help = 0x583d60 "Find line movements within and across files",
flags = 1,
callback = 0x4082d9 <blame_move_callback>,
defval = 0
}, {
type = OPTION_CALLBACK,
short_name = 76,
long_name = 0x0,
value = 0x7e81e0 <range_list>,
argh = 0x584fa3 "n,m",
help = 0x583d90 "Process only line range n,m, counting from
1",
flags = 0,
callback = 0x4e5311 <parse_opt_string_list>,
defval = 0
}, {
type = OPTION_CALLBACK,
short_name = 0,
long_name = 0x5a2c80 "abbrev",
value = 0x7e1b90 <abbrev>,
argh = 0x5ac835 "n",
help = 0x583dc0 "use <n> digits to display SHA-1s",
flags = 1,
callback = 0x4eda2e <parse_opt_abbrev_cb>,
defval = 0
}, {
type = OPTION_END,
short_name = 0,
long_name = 0x0,
value = 0x0,
argh = 0x0,
help = 0x0,
flags = 0,
callback = 0x0,
defval = 0
}}
ctx = {
argv = 0xcd77d8,
out = 0xcd77c0,
argc = 0,
cpidx = 2,
opt = 0x0,
flags = 5,
prefix = 0x0
}
cmd_is_annotate = <optimized out>
ranges = {
alloc = 0,
nr = 0,
ranges = 0x0
}
range_i = <optimized out>
anchor = <optimized out>
#9 0x0000000000413d45 in cmd_annotate (argc=<optimized out>,
argv=<optimized out>, prefix=0x0) at builtin/annotate.c:21
args = {
argv = 0xcd77c0,
argc = 3,
alloc = 24
}
i = <optimized out>
#10 0x000000000040f19f in run_builtin (argv=0x7fff44798280, argc=2,
p=0x7e3a58 <commands.lto_priv+24>) at git.c:351
status = <optimized out>
help = <optimized out>
st = {
st_dev = 1,
st_ino = 0,
st_nlink = 140734342201968,
st_mode = 543312808,
st_uid = 32740,
st_gid = 0,
__pad0 = 1,
st_rdev = 140734342201360,
st_size = 140734342203448,
st_blksize = 140617791849317,
st_blocks = 0,
st_atim = {
tv_sec = 140617776354880,
tv_nsec = 13463760
},
st_mtim = {
tv_sec = 140734342204489,
tv_nsec = 140734342201360
},
st_ctim = {
tv_sec = 140734342203448,
tv_nsec = 140734342201968
},
__unused = {140734342201568, 0, 5074673}
}
prefix = <optimized out>
#11 handle_builtin (argc=2, argv=0x7fff44798280) at git.c:530
p = 0x7e3a58 <commands.lto_priv+24>
cmd = <optimized out>
i = <optimized out>
#12 0x0000000000405ac5 in run_argv (argv=0x7fff447980b8,
argcp=0x7fff447980ac) at git.c:576
done_alias = 0
#13 main (argc=2, av=<optimized out>) at git.c:685
done_help = 0
was_alias = 0
argv = 0x7fff44798280
cmd = 0x7fff44798838 "annotate"
(gdb)
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-08 21:33 git 2.2.2 annotate crash (strbuf.c:32) Dilyan Palauzov
@ 2015-02-09 1:28 ` Jeff King
2015-02-09 4:39 ` Eric Sunshine
0 siblings, 1 reply; 7+ messages in thread
From: Jeff King @ 2015-02-09 1:28 UTC (permalink / raw)
To: Dilyan Palauzov; +Cc: git
On Sun, Feb 08, 2015 at 10:33:40PM +0100, Dilyan Palauzov wrote:
> I use git 2.2.2 and on my system git annotate crashed with the following
> log.
I couldn't reproduce it with a few simple examples. Is it possible for
you to show us the repository and command that caused this?
> (gdb) bt full
> #0 0x00007fe420649655 in raise () from /lib64/libc.so.6
> No symbol table info available.
> #1 0x00007fe42064aad8 in abort () from /lib64/libc.so.6
> No symbol table info available.
> #2 0x00007fe42068928b in __libc_message () from /lib64/libc.so.6
> No symbol table info available.
> #3 0x00007fe42068ee36 in malloc_printerr () from /lib64/libc.so.6
> No symbol table info available.
> #4 0x00007fe42068fbb3 in _int_free () from /lib64/libc.so.6
> No symbol table info available.
> #5 0x000000000041335a in strbuf_release (sb=0x7fff44797480) at strbuf.c:32
> sb = 0x7fff44797480
So presumably the sb->buf we pass to free() is not valid. Given the
address of the strbuf, and the address of the commit_info here:
> #6 commit_info_destroy (ci=0x7fff447973e0) at builtin/blame.c:1646
> No locals.
we are at offset 160, which is almost certainly the ci->summary strbuf.
Which is:
> summary = {
> alloc = 26,
> len = 25,
> buf = 0xe05b50 <incomplete sequence \330>
> }
The alloc/len look reasonable, but the buffer looks odd (it should
probably have some actual text in it). I don't see anywhere in the code
that we assign to that buffer or do anything questionable, though. We
just strbuf_add and then eventually strbuf_release it. You cannot even
get into this situation by calling strbuf_release twice, as it sets the
pointer to a known value after it is freed.
-Peff
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-09 1:28 ` Jeff King
@ 2015-02-09 4:39 ` Eric Sunshine
2015-02-09 10:33 ` Dilyan Palauzov
0 siblings, 1 reply; 7+ messages in thread
From: Eric Sunshine @ 2015-02-09 4:39 UTC (permalink / raw)
To: Jeff King; +Cc: Dilyan Palauzov, Git List
On Sun, Feb 8, 2015 at 8:28 PM, Jeff King <peff@peff.net> wrote:
> On Sun, Feb 08, 2015 at 10:33:40PM +0100, Dilyan Palauzov wrote:
>
>> I use git 2.2.2 and on my system git annotate crashed with the following
>> log.
>
> I couldn't reproduce it with a few simple examples. Is it possible for
> you to show us the repository and command that caused this?
I also was unable to reproduce on either Mac OS X or Linux with git
2.2.2. Clues from the traceback suggest the cyrus-imapd project and
annotation of timsieved/parser.c. I tried:
git clone git://git.cyrusimap.org/cyrus-imapd/
cd cyrus-imapd
git --no-pager annotate timsieved/parser.c
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-09 4:39 ` Eric Sunshine
@ 2015-02-09 10:33 ` Dilyan Palauzov
2015-02-09 18:46 ` Eric Sunshine
0 siblings, 1 reply; 7+ messages in thread
From: Dilyan Palauzov @ 2015-02-09 10:33 UTC (permalink / raw)
To: git
Hello,
the point is that with exactly the same configuration, git crashes on one
computer while on another one things work just fine.
I found that the line at builtin/blame.c:1675 causes the problem:
if (len) {
printf("blame.c:1676, subject: %s, len: %i\n", subject, len);
--> strbuf_add(&ret->summary, subject, len); <--
} else
strbuf_addf(&ret->summary, "(%s)", sha1_to_hex(commit->object.sha1));
commenting it out and compiling does not lead to crashing git anymore.
You can find below the output of printf.
git clone git://git.cyrusimap.org/cyrus-imapd
git annotate timsieved/parser.c
*** Error in `git': double free or corruption (!prev):
0x00000000022e4b40 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7ae36)[0x7f8f0fe2ce36]
/lib64/libc.so.6(+0x7bbb3)[0x7f8f0fe2dbb3]
git[0x41330b]
git[0x413cf6]
git[0x40f14f]
git[0x405ac5]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f8f0fdd3a25]
git[0x4069b1]
======= Memory map: ========
00400000-005e1000 r-xp 00000000 09:00 36163
/usr/bin/git
007e0000-007e1000 r--p 001e0000 09:00 36163
/usr/bin/git
007e1000-007e8000 rw-p 001e1000 09:00 36163
/usr/bin/git
007e8000-00823000 rw-p 00000000 00:00 0
021c1000-023e8000 rw-p 00000000 00:00 0
[heap]
7f8f07bc3000-7f8f07c04000 rw-p 00000000 00:00 0
7f8f07c23000-7f8f07c25000 rw-p 00000000 00:00 0
7f8f07c25000-7f8f07c51000 r--p 00000000 09:01 4594075
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-cdc8608c4304cfdf5bbe28257fef594357bdd721.pack
7f8f07c51000-7f8f07d20000 r--p 00000000 09:01 4595166
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-2940fa128dee37fb4e0e5823cd6f9dff46da7c2b.pack
7f8f07d20000-7f8f07ea1000 r--p 00000000 09:01 4595225
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-115dbdfb66491440464600a7ef7ab1f85b3ad170.pack
7f8f07ea1000-7f8f07fa6000 r--p 00000000 09:01 4595449
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-6278b37ee884848bb77280ddcd95700f9c933d87.pack
7f8f07fa6000-7f8f080b4000 r--p 00000000 09:01 4594150
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-dca01159e601a45ed0a79ad9844d621698c6aafd.pack
7f8f080b4000-7f8f0918c000 r--p 00000000 09:01 4594031
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-a918d22dbf1c50ae9bfcf479a84877cca3fae689.pack
7f8f0918c000-7f8f0944f000 r--p 00000000 09:01 4594554
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-a918d22dbf1c50ae9bfcf479a84877cca3fae689.idx
7f8f0944f000-7f8f0f998000 r--p 00000000 09:00 3719644
/lib64/locale/locale-archive
7f8f0f998000-7f8f0f99b000 r-xp 00000000 09:00 3719642
/lib64/libdl-2.17.so
7f8f0f99b000-7f8f0fb9a000 ---p 00003000 09:00 3719642
/lib64/libdl-2.17.so
7f8f0fb9a000-7f8f0fb9b000 r--p 00002000 09:00 3719642
/lib64/libdl-2.17.so
7f8f0fb9b000-7f8f0fb9c000 rw-p 00003000 09:00 3719642
/lib64/libdl-2.17.so
7f8f0fb9c000-7f8f0fbb2000 r-xp 00000000 09:00 33467
/usr/lib64/libgcc_s.so.1
7f8f0fbb2000-7f8f0fdb1000 ---p 00016000 09:00 33467
/usr/lib64/libgcc_s.so.1
7f8f0fdb1000-7f8f0fdb2000 rw-p 00015000 09:00 33467
/usr/lib64/libgcc_s.so.1
7f8f0fdb2000-7f8f0ff58000 r-xp 00000000 09:00 3719720
/lib64/libc-2.17.so
7f8f0ff58000-7f8f10157000 ---p 001a6000 09:00 3719720
/lib64/libc-2.17.so
7f8f10157000-7f8f1015b000 r--p 001a5000 09:00 3719720
/lib64/libc-2.17.so
7f8f1015b000-7f8f1015d000 rw-p 001a9000 09:00 3719720
/lib64/libc-2.17.so
7f8f1015d000-7f8f10161000 rw-p 00000000 00:00 0
7f8f10161000-7f8f10178000 r-xp 00000000 09:00 3719597
/lib64/libpthread-2.17.so
7f8f10178000-7f8f10377000 ---p 00017000 09:00 3719597
/lib64/libpthread-2.17.so
7f8f10377000-7f8f10378000 r--p 00016000 09:00 3719597
/lib64/libpthread-2.17.so
7f8f10378000-7f8f10379000 rw-p 00017000 09:00 3719597
/lib64/libpthread-2.17.so
7f8f10379000-7f8f1037d000 rw-p 00000000 00:00 0
7f8f1037d000-7f8f10384000 r-xp 00000000 09:00 3719705
/lib64/librt-2.17.so
7f8f10384000-7f8f10583000 ---p 00007000 09:00 3719705
/lib64/librt-2.17.so
7f8f10583000-7f8f10584000 r--p 00006000 09:00 3719705
/lib64/librt-2.17.so
7f8f10584000-7f8f10585000 rw-p 00007000 09:00 3719705
/lib64/librt-2.17.so
7f8f10585000-7f8f10587000 r-xp 00000000 09:00 37211
/usr/lib64/libcharset.so.1.0.0
7f8f10587000-7f8f10786000 ---p 00002000 09:00 37211
/usr/lib64/libcharset.so.1.0.0
7f8f10786000-7f8f10787000 r--p 00001000 09:00 37211
/usr/lib64/libcharset.so.1.0.0
7f8f10787000-7f8f10788000 rw-p 00002000 09:00 37211
/usr/lib64/libcharset.so.1.0.0
7f8f10788000-7f8f10949000 r-xp 00000000 09:00 34361
/usr/lib64/libcrypto.so.1.0.0
7f8f10949000-7f8f10b49000 ---p 001c1000 09:00 34361
/usr/lib64/libcrypto.so.1.0.0
7f8f10b49000-7f8f10b71000 rw-p 001c1000 09:00 34361
/usr/lib64/libcrypto.so.1.0.0
7f8f10b71000-7f8f10b74000 rw-p 00000000 00:00 0
7f8f10b74000-7f8f10b90000 r-xp 00000000 09:00 215770
/usr/lib/libz.so.1.2.8
7f8f10b90000-7f8f10d8f000 ---p 0001c000 09:00 215770
/usr/lib/libz.so.1.2.8
7f8f10d8f000-7f8f10d90000 r--p 0001b000 09:00 215770
/usr/lib/libz.so.1.2.8
7f8f10d90000-7f8f10d91000 rw-p 0001c000 09:00 215770
/usr/lib/libz.so.1.2.8
7f8f10d91000-7f8f10e0d000 r-xp 00000000 09:00 215845
/usr/lib/libpcre.so.1.2.4
7f8f10e0d000-7f8f1100c000 ---p 0007c000 09:00 215845
/usr/lib/libpcre.so.1.2.4
7f8f1100c000-7f8f1100d000 r--p 0007b000 09:00 215845
/usr/lib/libpcre.so.1.2.4
7f8f1100d000-7f8f1100e000 rw-p 0007c000 09:00 215845
/usr/lib/libpcre.so.1.2.4
7f8f1100e000-7f8f1102f000 r-xp 00000000 09:00 3719713
/lib64/ld-2.17.so
7f8f1104e000-7f8f11050000 r--p 00000000 09:01 4594076
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-cdc8608c4304cfdf5bbe28257fef594357bdd721.idx
7f8f11050000-7f8f1105a000 r--p 00000000 09:01 4594116
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-ad62caaf95e2bad3a13acd988f7a6f07688561b4.idx
7f8f1105a000-7f8f1105b000 r--p 00000000 09:01 4595125
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-d1451c187b47b3cf453f5cccf4f48196e328e1f1.idx
7f8f1105b000-7f8f1105d000 r--p 00000000 09:01 4595373
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-3d3b97a2faba97f859e7494ceb203c7d843d92f3.idx
7f8f1105d000-7f8f1105f000 r--p 00000000 09:01 4595167
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-2940fa128dee37fb4e0e5823cd6f9dff46da7c2b.idx
7f8f1105f000-7f8f11066000 r--p 00000000 09:01 4595168
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-9953e8d5a616b261f6f39fb9cb8ebea445e20103.idx
7f8f11066000-7f8f11068000 r--p 00000000 09:01 4595226
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-6b8df09fd5d73b9aabc00ab842aa36a5fac3b3c0.idx
7f8f11068000-7f8f11079000 r--p 00000000 09:01 4595356
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-115dbdfb66491440464600a7ef7ab1f85b3ad170.idx
7f8f11079000-7f8f1107d000 r--p 00000000 09:01 4595450
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-6278b37ee884848bb77280ddcd95700f9c933d87.idx
7f8f1107d000-7f8f1107f000 r--p 00000000 09:01 4596221
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-55c71a461de5f4053accaab5f689e203c9214edc.idx
7f8f1107f000-7f8f11082000 r--p 00000000 09:01 4596222
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-dca01159e601a45ed0a79ad9844d621698c6aafd.idx
7f8f11082000-7f8f11102000 rw-p 00000000 00:00 0
7f8f11102000-7f8f111fe000 r--p 00000000 09:01 4596235
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-cc45af7de78fb5126dbcb26249372642a530b0d0.pack
7f8f111fe000-7f8f11205000 rw-p 00000000 00:00 0
7f8f1122b000-7f8f1122f000 r--p 00000000 09:01 4596236
/mnt/new/home/didopalauzov/cyrus-imapd/.git/objects/pack/pack-cc45af7de78fb5126dbcb26249372642a530b0d0.idx
7f8f1122f000-7f8f11230000 r--p 00021000 09:00 3719713
/lib64/ld-2.17.so
7f8f11230000-7f8f11232000 rw-p 00022000 09:00 3719713
/lib64/ld-2.17.so
7fffd5411000-7fffd5432000 rw-p 00000000 00:00 0
[stack]
7fffd55f1000-7fffd55f2000 r-xp 00000000 00:00 0
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
blame.c:1676, subject: rewrite of the parser; survives -Wall
, len: 37
blame.c:1676, subject: updated copyright
, len: 17
blame.c:1676, subject: *** empty log message ***
, len: 25
lines 1-6/6 (END)Aborted
Greetings
Dilyan
On 09.02.2015 05:39, Eric Sunshine wrote:
> On Sun, Feb 8, 2015 at 8:28 PM, Jeff King <peff@peff.net> wrote:
>> On Sun, Feb 08, 2015 at 10:33:40PM +0100, Dilyan Palauzov wrote:
>>
>>> I use git 2.2.2 and on my system git annotate crashed with the following
>>> log.
>>
>> I couldn't reproduce it with a few simple examples. Is it possible for
>> you to show us the repository and command that caused this?
>
> I also was unable to reproduce on either Mac OS X or Linux with git
> 2.2.2. Clues from the traceback suggest the cyrus-imapd project and
> annotation of timsieved/parser.c. I tried:
>
> git clone git://git.cyrusimap.org/cyrus-imapd/
> cd cyrus-imapd
> git --no-pager annotate timsieved/parser.c
>
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-09 10:33 ` Dilyan Palauzov
@ 2015-02-09 18:46 ` Eric Sunshine
2015-02-09 19:22 ` Dilyan Palauzov
2015-02-09 20:50 ` Junio C Hamano
0 siblings, 2 replies; 7+ messages in thread
From: Eric Sunshine @ 2015-02-09 18:46 UTC (permalink / raw)
To: Dilyan Palauzov; +Cc: git
On Mon, Feb 09, 2015 at 11:33:39AM +0100, Dilyan Palauzov wrote:
> the point is that with exactly the same configuration on one
> computer there is crash and on another one things work just fine.
>
> I found out that line builtin/blame.c:1675 makes the problems:
>
> if (len) {
> printf("blame.c:1676, subject: %s, len: %i\n", subject, len);
> --> strbuf_add(&ret->summary, subject, len); <--
> } else
> strbuf_addf(&ret->summary, "(%s)", sha1_to_hex(commit->object.sha1));
>
> commenting it out and compiling does not lead to crashing git
> anymore. You can find below the output of printf.
>
> git clone git://git.cyrusimap.org/cyrus-imapd
> git annotate timsieved/parser.c
>
> *** Error in `git': double free or corruption (!prev):
> 0x00000000022e4b40 ***
There is a bit of suspicious code in builtin/blame.c where it is
destroying the commit_info without ever initializing it, and this
happens many times when blaming 'timsieved/parser.c'. Does the
following patch fix the problem for you?
--- 8< ---
diff --git a/builtin/blame.c b/builtin/blame.c
index 303e217..a3cc972 100644
--- a/builtin/blame.c
+++ b/builtin/blame.c
@@ -2085,7 +2085,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
for (e = sb->ent; e; e = e->next) {
struct origin *suspect = e->suspect;
- struct commit_info ci;
int num;
if (compute_auto_abbrev)
@@ -2096,6 +2095,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
if (longest_file < num)
longest_file = num;
if (!(suspect->commit->object.flags & METAINFO_SHOWN)) {
+ struct commit_info ci;
suspect->commit->object.flags |= METAINFO_SHOWN;
get_commit_info(suspect->commit, &ci, 1);
if (*option & OUTPUT_SHOW_EMAIL)
@@ -2104,6 +2104,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
num = utf8_strwidth(ci.author.buf);
if (longest_author < num)
longest_author = num;
+ commit_info_destroy(&ci);
}
num = e->s_lno + e->num_lines;
if (longest_src_lines < num)
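Review bot: The added `commit_info_destroy(&ci);` is now paired with `get_commit_info()` inside the METAINFO_SHOWN branch, but nothing in the code records why that pairing matters, and `struct commit_info ci;` in the previous hunk is still declared without an initialiser. Before this change the destroy ran on every loop iteration, including those that skipped the branch, so strbuf_release() passed free() whatever pointer was left in the stack slot; that matches the glibc "double free or corruption" abort reported earlier in the thread. I would add a comment above the declaration such as `/* initialised only by get_commit_info(); must be released before leaving this block */`, on the assumption (not visible in these hunks) that get_commit_info() initialises every strbuf on all of its paths. Because the failure depended on stack residue and differed between machines, the commit message should state that this is an invalid free() reachable from an ordinary `git annotate` run, and the blame tests are worth re-running under a memory checker such as valgrind or ASan. find_alignment starts before the first hunk and continues past the last one.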
@@ -2113,8 +2114,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
longest_dst_lines = num;
if (largest_score < ent_score(sb, e))
largest_score = ent_score(sb, e);
-
- commit_info_destroy(&ci);
}
max_orig_digits = decimal_width(longest_src_lines);
max_digits = decimal_width(longest_dst_lines);
--
2.3.0.rc2.191.g303d43c
--- 8< ---
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-09 18:46 ` Eric Sunshine
@ 2015-02-09 19:22 ` Dilyan Palauzov
2015-02-09 20:50 ` Junio C Hamano
1 sibling, 0 replies; 7+ messages in thread
From: Dilyan Palauzov @ 2015-02-09 19:22 UTC (permalink / raw)
To: Eric Sunshine; +Cc: git
Hello,
this patch fixes the problem for me.
Thanks
Dilyan
On 09.02.2015 19:46, Eric Sunshine wrote:
> On Mon, Feb 09, 2015 at 11:33:39AM +0100, Dilyan Palauzov wrote:
>> the point is that with exactly the same configuration on one
>> computer there is crash and on another one things work just fine.
>>
>> I found out that line builtin/blame.c:1675 makes the problems:
>>
>> if (len) {
>> printf("blame.c:1676, subject: %s, len: %i\n", subject, len);
>> --> strbuf_add(&ret->summary, subject, len); <--
>> } else
>> strbuf_addf(&ret->summary, "(%s)", sha1_to_hex(commit->object.sha1));
>>
>> commenting it out and compiling does not lead to crashing git
>> anymore. You can find below the output of printf.
>>
>> git clone git://git.cyrusimap.org/cyrus-imapd
>> git annotate timsieved/parser.c
>>
>> *** Error in `git': double free or corruption (!prev):
>> 0x00000000022e4b40 ***
>
> There is a bit of suspicious code in builtin/blame.c where it is
> destroying the commit_info without ever initializing it, and this
> happens many times when blaming 'timsieved/parser.c'. Does the
> following patch fix the problem for you?
>
> --- 8< ---
> diff --git a/builtin/blame.c b/builtin/blame.c
> index 303e217..a3cc972 100644
> --- a/builtin/blame.c
> +++ b/builtin/blame.c
> @@ -2085,7 +2085,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
>
> for (e = sb->ent; e; e = e->next) {
> struct origin *suspect = e->suspect;
> - struct commit_info ci;
> int num;
>
> if (compute_auto_abbrev)
> @@ -2096,6 +2095,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
> if (longest_file < num)
> longest_file = num;
> if (!(suspect->commit->object.flags & METAINFO_SHOWN)) {
> + struct commit_info ci;
> suspect->commit->object.flags |= METAINFO_SHOWN;
> get_commit_info(suspect->commit, &ci, 1);
> if (*option & OUTPUT_SHOW_EMAIL)
> @@ -2104,6 +2104,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
> num = utf8_strwidth(ci.author.buf);
> if (longest_author < num)
> longest_author = num;
> + commit_info_destroy(&ci);
> }
> num = e->s_lno + e->num_lines;
> if (longest_src_lines < num)
> @@ -2113,8 +2114,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
> longest_dst_lines = num;
> if (largest_score < ent_score(sb, e))
> largest_score = ent_score(sb, e);
> -
> - commit_info_destroy(&ci);
> }
> max_orig_digits = decimal_width(longest_src_lines);
> max_digits = decimal_width(longest_dst_lines);
>
* Re: git 2.2.2 annotate crash (strbuf.c:32)
2015-02-09 18:46 ` Eric Sunshine
2015-02-09 19:22 ` Dilyan Palauzov
@ 2015-02-09 20:50 ` Junio C Hamano
1 sibling, 0 replies; 7+ messages in thread
From: Junio C Hamano @ 2015-02-09 20:50 UTC (permalink / raw)
To: Eric Sunshine; +Cc: Dilyan Palauzov, git
Eric Sunshine <sunshine@sunshineco.com> writes:
> There is a bit of suspicious code in builtin/blame.c where it is
> destroying the commit_info without ever initializing it,...
Good eyes. I wonder why the compiler does not notice it.
It seems that this came from ea02ffa3 (mailmap:
simplify map_user() interface, 2013-01-05) and dates back to 1.8.2
or so.
> diff --git a/builtin/blame.c b/builtin/blame.c
> index 303e217..a3cc972 100644
> --- a/builtin/blame.c
> +++ b/builtin/blame.c
> @@ -2085,7 +2085,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
>
> for (e = sb->ent; e; e = e->next) {
> struct origin *suspect = e->suspect;
> - struct commit_info ci;
> int num;
>
> if (compute_auto_abbrev)
> @@ -2096,6 +2095,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
> if (longest_file < num)
> longest_file = num;
> if (!(suspect->commit->object.flags & METAINFO_SHOWN)) {
> + struct commit_info ci;
> suspect->commit->object.flags |= METAINFO_SHOWN;
> get_commit_info(suspect->commit, &ci, 1);
> if (*option & OUTPUT_SHOW_EMAIL)
> @@ -2104,6 +2104,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
> num = utf8_strwidth(ci.author.buf);
> if (longest_author < num)
> longest_author = num;
> + commit_info_destroy(&ci);
> }
> num = e->s_lno + e->num_lines;
> if (longest_src_lines < num)
> @@ -2113,8 +2114,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
> longest_dst_lines = num;
> if (largest_score < ent_score(sb, e))
> largest_score = ent_score(sb, e);
> -
> - commit_info_destroy(&ci);
> }
> max_orig_digits = decimal_width(longest_src_lines);
> max_digits = decimal_width(longest_dst_lines);