From marka@isc.org  Tue May 27 23:06:10 2003
Message-Id: <200305280605.h4S65seO001705@drugs.dv.isc.org>
Date: Wed, 28 May 2003 16:05:54 +1000 (EST)
From: Mark Andrews <marka@isc.org>
Reply-To: Mark Andrews <marka@isc.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: tcsh fails to handle large arguments
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         52746
>Category:       bin
>Synopsis:       tcsh(1) fails to handle large arguments
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 27 23:10:13 PDT 2003
>Closed-Date:    Sun Apr 25 21:52:19 UTC 2010
>Last-Modified:  Sun Apr 25 21:52:19 UTC 2010
>Originator:     Mark Andrews
>Release:        FreeBSD 4.8-RC i386
>Organization:
ISC
>Environment:
System: FreeBSD drugs.dv.isc.org 4.8-RC FreeBSD 4.8-RC #6: Sun Mar 30 11:45:29 EST 2003 marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386


>Description:

	Tcsh fails to handle excessively long arguments.  It prints
	"Word too long." then fails to return.
	
>How-To-Repeat:

	/bin/echo `perl -e 'print "A"x1000000'`

>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: nork 
State-Changed-When: Tue May 27 23:25:28 PDT 2003 
State-Changed-Why:  
SEE ALSO glob(3), sysconf(3), /usr/include/sys/syslimits.h. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52746 
State-Changed-From-To: closed->open 
State-Changed-By: nork 
State-Changed-When: Wed May 28 00:44:25 PDT 2003 
State-Changed-Why:  
Yes.  /bin/sh doesn't appear to have this problem.  This is a tcsh problem. 

State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Mon Jun 2 07:31:17 PDT 2003 
State-Changed-Why:  
Mark, 

I'd run into this problem a few years ago, but never had a chance 
to get to the bottom of it.  From running ktrace, it looks like 
this problem is related to vfork.  For me, running tcsh with the 
-F flag (ie., use fork not vfork) seems to work around the problem. 

I'm guessing what is happening is that something is handling the 
arg too long error and clobbering the vforked stack.  I'll try to 
do a bit more digging, but you might like to check if -F helps in 
your case too... 

David. 


From: David Malone <dwmalone@maths.tcd.ie>
To: freebsd-gnats-submit@FreeBSD.org, marka@isc.org
Cc:  
Subject: Re: bin/52746: tcsh fails to handle large arguments
Date: Tue, 03 Jun 2003 12:04:10 +0100

 OK - I believe I understand the bug now. It looks like a tcsh bug
 on platforms that have a real version of vfork. Here's what's
 happening:
 
 	% /bin/echo `perl -e 'print "A"x1000000'`
 
 	1) tcsh vforks to produce what is intended to become /bin/echo,
 	I'll call this tcsh-echo. The original tcsh goes to sleep until
 	the vfork is done.
 
 	2) tcsh-echo forks, execs perl, adds perl to its list of
 	helper processes. Because tcsh-echo is vforked, the original
 	tcsh can see this extra process in its process list.
 
 	3) tcsh-echo calls stderror when too many "A"s show up, and
 	stderr calls xexit. ktrace shows tcsh-echo exiting before
 	perl gets its SIGPIPE, so the perl is never reaped and
 	remains in the friends list for tcsh-echo.
 
 	4) tcsh resumes execution now that tcsh-echo has finished
 	running in vforked space. It starts waiting for tcsh-echo
 	and its friends to finish, but perl is stuck on the list.
 
 So, a workaround is to disable the use of vfork 'cos the child then
 ends up with its own address space and the perl never makes it into
 the original tcsh's list of processes to wait for.
 
 I've included some debugging output below, as it may be of use to
 the tcsh people. I'll try and raise the issue with tcsh-bugs@mx.gw.com
 
 	David.
 
         AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  -echo tcsh     RET   read 4096/0x1000
  -echo tcsh     CALL  write(0x2,0x8149b20,0xf)
  -echo tcsh     GIO   fd 2 wrote 15 bytes
        "Word too long.
        "
  -echo tcsh     RET   write 15/0xf
  -echo tcsh     CALL  exit(0x1)
  perl perl     GIO   fd 1 wrote 4096 bytes
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
         AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
         AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
 
 .
 .
 .
         AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  perl perl     RET   write 16384/0x4000
  perl perl     CALL  write(0x1,0x8108000,0x4000)
  perl perl     RET   write -1 errno 32 Broken pipe
  perl perl     PSIG  SIGPIPE SIG_DFL
  parent tcsh     RET   vfork -echo/0x1240e
 
 
 % /bin/echo `perl -e 'print "A"x1000000'`
 wanttty 75514 pid 75521 opgrp75521 pgrp 75514 tpgrp 75514
 wanttty 75514 pid 75521 pgrp 75521 tpgrp 75521
 wanttty -1 pid 75522 opgrp75522 pgrp 75521 tpgrp 75521
 wanttty -1 pid 75522 pgrp 75521 tpgrp 75521
 Word too long.
 jobflags=0
 jobflags for 75522 is 10101
 jobflags for 75521 is 8
 75514 starting to sigpause for  SIGCHLD on 75522
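
The mechanism described in the message above, reduced to a stand-alone C program (an added example, not tcsh code and not part of the original thread): a child created with vfork records a helper pid in a list that lives in the parent's memory, then exits without reaping it. It assumes a platform where vfork really shares the address space (FreeBSD, Linux); POSIX leaves writes by a vfork child undefined, and proc_list, child_shell and stale_entries are hypothetical names.

```c
/* Added illustration, not tcsh source. proc_list and stale_entries are
 * hypothetical names for the shell's list of processes to wait for. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_PROCS 8
static volatile pid_t proc_list[MAX_PROCS];
static volatile int nprocs;

/* Child shell: start a helper (perl in the report), record it, then bail
 * out on an error without reaping it or removing it from the list. */
static void child_shell(void)
{
    pid_t helper = fork();
    if (helper == 0)
        _exit(0);                    /* helper process body */
    if (helper > 0 && nprocs < MAX_PROCS)
        proc_list[nprocs++] = helper;
    _exit(1);                        /* the "Word too long." exit path */
}

/* Returns how many list entries the parent holds that it can never reap
 * (waitpid fails with ECHILD because the helper is not its child). */
static int stale_entries(int use_vfork)
{
    int i, stale = 0;
    pid_t pid;

    nprocs = 0;
    pid = use_vfork ? vfork() : fork();
    if (pid == -1)
        return -1;
    if (pid == 0)
        child_shell();               /* never returns */
    waitpid(pid, NULL, 0);
    for (i = 0; i < nprocs; i++)
        if (waitpid(proc_list[i], NULL, 0) == -1 && errno == ECHILD)
            stale++;
    return stale;
}

int main(void)
{
    printf("fork: %d stale, vfork: %d stale\n", stale_entries(0), stale_entries(1));
    return 0;
}
```

With fork the parent's list stays empty; with vfork it holds one pid that belongs to a process it did not create, which is the entry tcsh keeps waiting on.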
 

From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-gnats-submit@FreeBSD.org, marka@isc.org
Cc: dwmalone@FreeBSD.org
Subject: Re: bin/52746
Date: Sat, 12 Jul 2003 16:20:33 -0700

 David, can you forward your analysis to the tcsh maintainer, Christos
 Zoulas <christos@zoulas.com>?  I have tried to email him recently
 about this myself, but he bounces my emails.
 
 Kris
 

From: David Malone <dwmalone@maths.tcd.ie>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-gnats-submit@FreeBSD.org, marka@isc.org,
	dwmalone@FreeBSD.org
Subject: Re: bin/52746 
Date: Sun, 13 Jul 2003 09:34:39 +0100

 > David, can you forward your analysis to the tcsh maintainer, Christos
 > Zoulas <christos@zoulas.com>?  I have tried to email him recently
 > about this myself, but he bounces my emails.
 
 I got a patch from Christos, but while testing I found that it
 caused problems with running subcommands in vim. I haven't had time
 to investigate further. I've let Christos know about that too.
 I've included the patch below, in case anyone wants to do more
 testing or debugging of it.
 
 We could probably work around the problem by disabling the use of
 vfork under FreeBSD.
 
 	David.
 
 Index: sh.proc.c
 ===================================================================
 RCS file: /src/pub/tcsh/sh.proc.c,v
 retrieving revision 3.79
 diff -u -u -r3.79 sh.proc.c
 --- sh.proc.c	26 May 2003 07:11:07 -0000	3.79
 +++ sh.proc.c	3 Jun 2003 13:10:48 -0000
 @@ -602,8 +602,15 @@
  	while ((fp = (fp->p_friends)) != pp);
  	if ((jobflags & PRUNNING) == 0)
  	    break;
 +	if (kill(-fp->p_procid, 0) == -1 && errno == ESRCH) {
  #ifdef JOBDEBUG
 -	xprintf("%d starting to sigpause for  SIGCHLD on %d\n",
 +	    xprintf("%d child %d already exited\n",
 +		    getpid(), fp->p_procid);
 +#endif /* JOBDEBUG */
 +	    break;
 +	}
 +#ifdef JOBDEBUG
 +	xprintf("%d starting to sigpause for SIGCHLD on %d\n",
  		getpid(), fp->p_procid);
  #endif /* JOBDEBUG */
  #ifdef BSDSIGS
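
Review bot: the probe in the added kill(-fp->p_procid, 0) line passes a negative pid, so it tests whether process group fp->p_procid exists, not whether that process does. A friend that is alive but is not a group leader (the debug output earlier in this thread shows pid 75522 in pgrp 75521) gets ESRCH and the loop breaks while it is still running. Consider kill(fp->p_procid, 0), or the job's process group id if the group is what is meant, and update the entry's flags before the break, since jobflags was computed with PRUNNING still set and nothing in the added lines clears it. The added lines also use errno, so sh.proc.c needs <errno.h> in scope if it is not already.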
 
 
State-Changed-From-To: feedback->analyzed 
State-Changed-By: linimon 
State-Changed-When: Sat Mar 1 20:12:06 UTC 2008 
State-Changed-Why:  
Feedback was received quite some time ago. 

State-Changed-From-To: analyzed->feedback  
State-Changed-By: brucec 
State-Changed-When: Tue Jul 15 17:39:57 UTC 2008 
State-Changed-Why:  
tcsh 6.15.00 was imported into RELENG_6 a few months ago and looks like it has  
fixed the problem. Are you still seeing this issue on 6-STABLE? 

State-Changed-From-To: feedback->closed 
State-Changed-By: jilles 
State-Changed-When: Sun Apr 25 21:52:18 UTC 2010 
State-Changed-Why:  
Feedback timeout. I cannot reproduce this either anymore in 8.0-STABLE. 

>Unformatted:
