tcsh segmentation fault

Bug #86683 reported by Sami Nybacka
Affects        Status        Importance  Assigned to    Milestone
tcsh           Fix Released  Unknown
tcsh (Ubuntu)  Fix Released  High        Daniel T Chen

Bug Description

Binary package hint: tcsh

Suddenly tcsh started to segfault in Ubuntu 6.10. I removed .cshrc etc. custom conf files. No help.

Package: tcsh
Architecture: i386
Version: 6.14.00-7

Sami Nybacka (sapeny) wrote :

"tcsh -f" works, so it seems this happens because of /etc/csh* scripts.

Paul van Genderen (paulvg) wrote :

Doesn't seem to be reproducible on Feisty.

Sami Nybacka (sapeny) wrote :

tcsh still segfaults on Feisty.

"tcsh -f" works, and I'm also able to source all /etc/csh* etc. scripts; everything works OK. But without -f it crashes every time.

Sunjae Park (darehanl) wrote :

I'm also experiencing sudden segfaults with tcsh. Don't know what I did, but I've been using it as a login shell till this morning. Symptoms are identical to Sami Nybacka's: "tcsh -f" works, "source" works, without -f it crashes.

Sunjae Park (darehanl) wrote :

I've narrowed it down to problems in the .history file, but this is as far as I can get. It is not a short history list, but removing any more lines will simply remove the segfault. Possible reason might be non-ASCII characters at certain positions. The same .history file will segfault tcsh in FreeBSD 6.2 also. I assume this problem exists upstream also.

Sunjae Park (darehanl) wrote :

Attached is the .history file (yeah, I know my privacy is now bust :) Replace your .history file with the one attached, and tcsh segfaults. Removing random lines removes the segfault, though.

Sami Nybacka (sapeny) wrote :

Thanks! Indeed, .history seems to be the problem. I removed my .history, and now tcsh works. (Anyway, because of this mystery bug, I've already switched to zsh as a login shell...)

Ted Anderson (ota-surfvi) wrote :

I encountered this problem after rebooting to pick up the latest Ubuntu kernel: 2.6.20-16.31. However, the obvious assumption that this was the cause seems to be ruled out by finding this bug report.

My problem was also due to the .history file, and tcsh -f also eliminated the problem. I also discovered that setting LANG=C allows tcsh to start up normally. This strongly suggests an NLS Unicode problem. My history file contained some non-ASCII characters that were implicated in the strace output of the Segmentation fault. I was able to reproduce the segmentation fault with the above .history file attached by Sunjae Park. In addition I was able to shorten it considerably to a measly 4392 bytes uncompressed. From the strace output I suspect that the offset of the multi-byte characters is important.

Ted Anderson (ota-surfvi) wrote :

Anyway, before I was so rudely interrupted by the "Save Changes" button...

The commands I used are these:
[~]% ls .history
-rw-r--r-- 1 4392 Sep 1 15:07 .history
[~]% md5sum .history
d720baeeae451f88070ad3014055f0a9 .history
[~]% bash -c 'LANG=en_US.UTF-8 strace -o /tmp/tcsh.out2 tcsh'

Some interesting-seeming excerpts of the trace file:
close(6) = 0
open("/home/ota/.history", O_RDONLY|O_LARGEFILE) = 0
dup(0) = 1
dup(1) = 2
dup(2) = 3
dup(3) = 4
dup(4) = 5
dup(5) = 6
close(5) = 0
close(4) = 0
close(3) = 0
close(2) = 0
close(1) = 0
close(0) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [INT], NULL, 8) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfe65898) = -1 ENOTTY (Inappropriate ioctl for device)
rt_sigprocmask(SIG_SETMASK, NULL, [INT], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(6, "#+83336638\nfg\n#+1183336673\ncmake"..., 4096) = 4096
...
read(6, "04x396\\ DivX661\\ 120fps\\).avi -s"..., 170) = 170
...
alarm(0) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [INT], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [INT], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(6, "\254\25413\350\251\261\\ \343\200\214\343\201\212\343", 16) = 16
read(6, "\201\204\343\201\227\343", 6) = 6
read(6, "\201", 1) = 1
read(6, "\204", 1) = 1
read(6, "\346", 1) = 1
read(6, "\227", 1) = 1
read(6, "\245", 1) = 1
read(6, "\343", 1) = 1
read(6, "\200", 1) = 1
read(6, "\215", 1) = 1
read(6, "\\", 1) = 1
read(6, " ", 1) = 1
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++

Notice that it reads bytes in shrinking numbers from the .history file: 4096 bytes, then 170, 16, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 !!BOOM!!

Odd. Anyway, my tcsh and other versions are:
% tcsh --version
tcsh 6.14.00 (Astron) 2005-03-25 (i486-intel-linux) options wide,nls,dl,al,kan,rh,nd,color,filec
[~]% uname -a
Linux alohomora 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686 GNU/Linux
[~]% cat /etc/issue
Ubuntu 7.04 \n \l
[~]% apt-cache show tcsh|grep deb
Filename: pool/universe/t/tcsh/tcsh_6.14.00-7_i386.deb

HtH,
Ted
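Added here as an illustration, not code from tcsh, from the Ubuntu patch or from the upstream fix: a small C decoder that shows how a reader can consume UTF-8 arriving in arbitrary read() sizes, like the shrinking 16-, 6- and 1-byte reads in the trace above, by carrying its decoder state across chunk boundaries instead of assuming a whole character fits in one read. The names `utf8_state`, `utf8_feed`, `SAMPLE` and `sample_matches` are chosen for this example, and the sample bytes are constructed from the ones quoted in the strace output.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not tcsh's code: a UTF-8 decoder whose state survives read()
 * boundaries, so a sequence split across chunks is reassembled, not mishandled. */
typedef struct { uint32_t cp, min; int need; } utf8_state;

/* Feed one chunk; completed code points go to out[0..cap). Returns the number
 * appended, or -1 on malformed input (bad lead byte, overlong form, surrogate). */
static long utf8_feed(utf8_state *st, const unsigned char *buf, size_t len,
                      uint32_t *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char b = buf[i];
        if (st->need > 0) {                                /* continuation byte */
            if ((b & 0xC0) != 0x80) return -1;
            st->cp = (st->cp << 6) | (b & 0x3F);
            if (--st->need) continue;                      /* still incomplete */
            if (st->cp < st->min || st->cp > 0x10FFFF ||
                (st->cp >= 0xD800 && st->cp <= 0xDFFF)) return -1;
        } else if (b < 0x80) {                             /* plain ASCII */
            st->cp = b;
        } else {                                           /* lead byte: 2-, 3- or 4-byte form */
            int l = (b & 0xE0) == 0xC0 ? 2 : (b & 0xF0) == 0xE0 ? 3 : (b & 0xF8) == 0xF0 ? 4 : 0;
            if (!l) return -1;
            st->cp = b & (0x7F >> l); st->need = l - 1;
            st->min = l == 2 ? 0x80 : l == 3 ? 0x800 : 0x10000;
            continue;
        }
        if (n >= cap) return -1;
        out[n++] = st->cp;
    }
    return (long)n;
}

/* Constructed sample: "\343\200\214\343\201\212" as quoted in the strace above
 * (U+300C, U+304A), then "\ " and "x". Feeds the first len bytes of it in
 * read()-sized chunks and reports whether exactly those five code points came
 * out, whatever the boundaries; a sequence still open at EOF counts as failure. */
static const unsigned char SAMPLE[] = "\343\200\214\343\201\212\\ x";
static int sample_matches(size_t chunk, size_t len) {
    static const uint32_t want[] = {0x300C, 0x304A, '\\', ' ', 'x'};
    uint32_t got[8]; utf8_state st = {0, 0, 0};
    size_t total = 0;
    for (size_t off = 0; off < len; off += chunk) {
        size_t take = len - off < chunk ? len - off : chunk;
        long n = utf8_feed(&st, SAMPLE + off, take, got + total, 8 - total);
        if (n < 0) return 0;
        total += (size_t)n;
    }
    return !st.need && total == 5 && memcmp(got, want, sizeof want) == 0;
}
```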

Francis GUDIN (fgudin-gmail) wrote : Fix available

Version 6.15.00 fixed: cf. http://bugs.gw.com/view.php?id=29

Could someone pull this into Ubuntu, please?

Thanks in advance :-)

--
Francis

Christian Reis (kiko)
Changed in tcsh:
importance: Undecided → Unknown
status: New → Unknown
Changed in tcsh:
status: Unknown → Fix Released
Francis GUDIN (fgudin) wrote :

Hi there,

Almost once a day, I've got to log in under another id to move away my .history file, in order to be able to spawn another shell.

I can't believe no one *cared* about this one in a 5-6 month range! Even Intrepid doesn't include a fixed tcsh: you could just remove tcsh from your repository, it wouldn't be any worse.

Sadly,

--
Francis

Daniel T Chen (crimsun)
Changed in tcsh:
assignee: nobody → crimsun
importance: Undecided → High
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcsh - 6.14.00-7ubuntu1

---------------
tcsh (6.14.00-7ubuntu1) intrepid; urgency=low

  * debian/patches/14_multibyte_chars_from_file_crash.dpatch:
    - Prevent tcsh from segfaulting when reading multibyte characters
      from a file (LP: #86683), (Closes: #452214)
  * debian/control: Modify as per DebianMaintainerField spec

 -- Daniel T Chen <email address hidden> Sun, 21 Sep 2008 17:23:27 -0400

Changed in tcsh:
status: Triaged → Fix Released