bug-coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug report: tac crash

From: Jim Meyering
Subject: Re: Bug report: tac crash
Date: Mon, 05 May 2008 13:46:27 +0200 
Jim Meyering <address@hidden> wrote:
> Daniel Dunbar <address@hidden> wrote:
>> The following crashes tac on my machine (6.10 and 6.11):
>> --
>> $ echo > x; tac -r x x
>> Segmentation fault
>> --
>>
>> The crash occurs in re_copy_regs and the error has to do with the code
>> assuming regs->num_regs is initialized when it is not, in conjunction with
>> the regs_allocated parameter. This results in the final loop scribbling -1 
>> over
>> varying and often large amounts of memory.
>>
>> It looks to me like the problem is re_copy_regs assuming the state of the
>> re_pattern_buffer and the re_registers are in sync, but this doesn't hold 
>> when
>> tac makes multiple re_search calls with the registers on the stack.
>
> Hi Daniel,
> Thanks for the report and analysis!
> Here's the fix I expect to push once I've added a test.
...

Here's what I've just pushed:

>From d701f6abb73e36721de5df083df4769786a14528 Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Mon, 5 May 2008 00:07:08 +0200
Subject: [PATCH] tac: avoid segfault for e.g., "echo > x; tac -r x x"

* src/tac.c (tac_seekable): Move local "regs" declaration out
to file scope, so its values aren't clobbered between calls.
Discovered by Cristian Cadar, Daniel Dunbar and Dawson Engler,
reported in http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13501
* NEWS: Mention the bug fix.
* tests/Makefile.am (TESTS): Add misc/tac.
* tests/misc/tac: New file.  Test for the above.
---
 NEWS              |    3 +++
 src/tac.c         |    2 +-
 tests/Makefile.am |    1 +
 tests/misc/tac    |   45 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 50 insertions(+), 1 deletions(-)
 create mode 100644 tests/misc/tac

diff --git a/NEWS b/NEWS
index faf2b1d..d7ec1b2 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ GNU coreutils NEWS                                    -*- 
outline -*-
   Printing of such large-numbered, kernel-only (not in /etc/group) group-IDs
   was suppressed in 6.11 due to ignorance that they are useful.

+  tac: avoid segfault with --regex (-r) and multiple files, e.g.,
+  "echo > x; tac -r x x".  [bug present at least in textutils-1.8b, from 1992]
+

 * Noteworthy changes in release 6.11 (2008-04-19) [stable]

diff --git a/src/tac.c b/src/tac.c
index 262bf87..e9ba10d 100644
--- a/src/tac.c
+++ b/src/tac.c
@@ -110,6 +110,7 @@ static size_t G_buffer_size;
 /* The compiled regular expression representing `separator'. */
 static struct re_pattern_buffer compiled_separator;
 static char compiled_separator_fastmap[UCHAR_MAX + 1];
+static struct re_registers regs;

 static struct option const longopts[] =
 {
@@ -212,7 +213,6 @@ tac_seekable (int input_fd, const char *file)
   char first_char = *separator;        /* Speed optimization, non-regexp. */
   char const *separator1 = separator + 1; /* Speed optimization, non-regexp. */
   size_t match_length1 = match_length - 1; /* Speed optimization, non-regexp. 
*/
-  struct re_registers regs;

   /* Find the size of the input file. */
   file_pos = lseek (input_fd, (off_t) 0, SEEK_END);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8dde07e..343d719 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -203,6 +203,7 @@ TESTS =                                             \
   misc/stty-row-col                            \
   misc/sum                                     \
   misc/sum-sysv                                        \
+  misc/tac                                     \
   misc/tac-continue                            \
   misc/tee                                     \
   misc/tee-dash                                        \
diff --git a/tests/misc/tac b/tests/misc/tac
new file mode 100644
index 0000000..208791a
--- /dev/null
+++ b/tests/misc/tac
@@ -0,0 +1,45 @@
+#!/bin/sh
+# -*- perl -*-
+
+# Copyright (C) 2008 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+: ${top_srcdir=../..}
+. $top_srcdir/tests/require-perl
+
+me=`echo $0|sed 's,.*/,,'`
+exec $PERL -w -I$top_srcdir/tests -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF
+require 5.003;
+use strict;
+
+my $prog = 'tac';
+
+# Turn off localization of executable's output.
address@hidden(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+
+my @Tests =
+(
+  ['segfault', '-r', {IN=>"a\n"}, {IN=>"b\n"}, {OUT=>"a\nb\n"}],
+  ['segfault2','-r', {IN=>"a\nb\n"}, {IN=>"1\n2\n"}, {OUT=>"b\na\n2\n1\n"}],
+);
+
+# @Tests = triple_test address@hidden;
+
+my $save_temps = $ENV{DEBUG};
+my $verbose = $ENV{VERBOSE};
+
+my $fail = run_tests ($prog, $prog, address@hidden, $save_temps, $verbose);
+exit $fail;
+EOF
--
1.5.5.1.126.g02179
reply via email to
[Prev in Thread] Current Thread [Next in Thread]