Double free executing pipe-visible with unterminated double quote #49

Closed
opened 1 year ago by ifreund · 3 comments
ifreund commented 1 year ago

The following config triggers the issue:

```
[key-bindings]
pipe-visible=[sh -c "xurls | bemenu | xargs -r firefox] Control+Shift+U
```

This is the output I get:

```
 err: tokenize.c:47: unterminated double quote

free(): double free detected in tcache 2
zsh: abort      ./bld/debug/foot
```

Here's the backtrace:

```
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7b5c55b in __GI_abort () at abort.c:79
#2  0x00007ffff7bb4df8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7cc0f3e "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff7bbc16a in malloc_printerr (str=str@entry=0x7ffff7cc2b90 "free(): double free detected in tcache 2") at malloc.c:5332
#4  0x00007ffff7bbdf8d in _int_free (av=0x7ffff7cf39e0 <main_arena>, p=0x555555679cf0, have_lock=0) at malloc.c:4201
#5  0x0000555555571d7d in execute_binding (seat=0x55555561c910, term=0x55555561da90, action=BIND_ACTION_PIPE_VIEW, pipe_cmd=0x5555555cfe80 "sh -c \"xurls | bemenu | xargs -r firefox", 
    serial=60521) at ../../input.c:242
#6  0x00005555555746ca in keyboard_key (data=0x55555561c910, wl_keyboard=0x55555561c370, serial=60521, time=25258211, key=31, state=1) at ../../input.c:746
#7  0x00007ffff7b31e6d in ?? () from /usr/lib/libffi.so.7
#8  0x00007ffff7b312aa in ?? () from /usr/lib/libffi.so.7
#9  0x00007ffff7dc0a1f in wl_closure_invoke (closure=closure@entry=0x55555561ccc0, target=<optimized out>, target@entry=0x55555561c370, opcode=opcode@entry=3, data=<optimized out>, 
    flags=1) at ../src/connection.c:1018
#10 0x00007ffff7dc1ed3 in dispatch_event (display=display@entry=0x555555617bb0, queue=<optimized out>) at ../src/wayland-client.c:1445
#11 0x00007ffff7dc226c in dispatch_queue (queue=0x555555617c80, display=0x555555617bb0) at ../src/wayland-client.c:1591
#12 wl_display_dispatch_queue_pending (display=0x555555617bb0, queue=0x555555617c80) at ../src/wayland-client.c:1833
#13 0x00005555555a05fb in fdm_wayl (fdm=0x55555560a640, fd=5, events=1, data=0x5555555f55e0) at ../../wayland.c:953
#14 0x000055555556f266 in fdm_poll (fdm=0x55555560a640) at ../../fdm.c:327
#15 0x00005555555785da in main (argc=0, argv=0x7fffffffe360) at ../../main.c:435
```

Works fine if I close my double quote though, so it won't stop me from using foot :)

dnkl commented 1 year ago
Owner

Great bug report! And oops, hopefully this didn't cause you to lose anything important. #50 should fix it. Will merge after work :)

Poster

Thanks for the quick fix! Didn't lose anything as I was just testing out the new binding, which works great with the closing double quote.

dnkl closed this issue 1 year ago
dnkl commented 1 year ago
Owner

I took the opportunity to also (finally) add support for escaped quotes in the tokenizer. I.e. you can now do `cmd "foo \"one two three\" four"`.

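Added example, not part of the original thread and not foot's code: a minimal C tokenizer that reports an unterminated double quote, accepts `\"` inside quotes, and follows an ownership contract under which a failed tokenize cannot lead to a second `free()` in the caller. The names `tokenize` and `count_args` and the contract itself are assumptions; the thread does not show what caused the double free.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tokenizer (not foot's tokenize.c): splits cmd in place on
 * spaces, honouring "double quotes" and \" inside them. On success *argv is
 * a malloc'd NULL-terminated array owned by the caller (elements point into
 * cmd). On failure the partial array is freed here, once, and *argv is NULL. */
bool tokenize(char *cmd, char ***argv, size_t *argc)
{
    char **v = NULL, *p = cmd;
    size_t n = 0;
    *argv = NULL;                   /* caller never sees a stale pointer */
    *argc = 0;
    for (;;) {
        while (*p == ' ') p++;
        if (*p == '\0') break;
        char **tmp = realloc(v, (n + 2) * sizeof(*v));
        if (tmp == NULL) goto fail;
        v = tmp;
        char *out = v[n++] = p;     /* write cursor, never ahead of p */
        bool quoted = false;
        for (; *p != '\0' && (quoted || *p != ' '); p++) {
            if (*p == '"') quoted = !quoted;
            else if (quoted && p[0] == '\\' && p[1] == '"') *out++ = *++p;
            else *out++ = *p;
        }
        if (quoted) goto fail;      /* unterminated double quote */
        bool more = (*p != '\0');   /* read before *out may overwrite *p */
        *out = '\0';
        if (more) p++;
    }
    if (n == 0) goto fail;          /* empty command */
    v[n] = NULL;
    *argv = v;
    *argc = n;
    return true;
fail:
    free(v);                        /* the only free on the error path */
    return false;
}

/* Caller with one cleanup path; returns argc, or -1 if tokenizing fails. */
int count_args(char *cmd)
{
    char **argv = NULL;
    size_t argc = 0;
    int ret = tokenize(cmd, &argv, &argc) ? (int)argc : -1;
    free(argv);                     /* free(NULL) after a failed tokenize */
    return ret;
}
```

Building the caller with `-fsanitize=address` and feeding it the unterminated command from the report is a quick regression check for this class of bug.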