bug-gnu-utils

gawk-3.1.5 non existent sourcefile


From: Michael May
Subject: gawk-3.1.5 non existent sourcefile
Date: Fri, 11 May 2007 16:37:55 +0200
User-agent: KMail/1.9.1

Hi there!

I've found a bug in the 3.1.5 release.

If you give a nonexistent file on the command line (or also in a script) 
awk crashes due to a free() call:

# awk '{x}' ffffffff
*** glibc detected *** awk: free(): invalid pointer: 0x0808d340 ***
======= Backtrace: =========
/lib/libc.so.6[0x400aa308]
/lib/libc.so.6[0x400ab43b]
/lib/libc.so.6(__libc_free+0xbb)[0x400ab90c]
awk[0x806572c]
awk[0x8065a04]
awk[0x8065bce]
awk(do_input+0x4f)[0x8069417]
awk(main+0xf14)[0x806b1c6]
/lib/libc.so.6(__libc_start_main+0x15f)[0x4005e83f]
awk[0x804c8d1]
Aborted

So I found that in io.c, in iop_alloc, in case of an invalid file handle,
the given iop struct was freed but not dynamically allocated, which causes
the freeing of a static pointer.

----------------------------- snip ---------------------------------
--- io.c        2005-07-26 20:07:43.000000000 +0200
+++ ../gawk-3.1.5-MM/io.c       2007-05-11 16:30:43.000000000 +0200
@@ -2495,7 +2497,6 @@
        }

        if (iop->fd == INVALID_HANDLE) {
-               free(iop);
                return NULL;
        }
        if (isatty(iop->fd))
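
Review bot: Removing free(iop) from the iop->fd == INVALID_HANDLE branch with nothing in its place stops the invalid free, but if iop_alloc can also allocate iop itself (that part of the function is not visible in this hunk), the early "return NULL" now leaks that allocation. Suggest recording whether this call did the allocation and freeing only in that case, instead of dropping the free unconditionally. Separately, the hunk header "-2495,7 +2497,6" places the new file two lines further down, so the diff was taken against a tree with other local changes; a diff against pristine 3.1.5 would apply more cleanly.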

----------------------------- snap ---------------------------------

This patch should fix the problem.

Kind regards

Michael May
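
The failure mode reported above (free() called on a struct the caller owns) and one way to avoid it, as an added example that is not part of the original message and not gawk's code. It assumes a function that either fills in a caller-supplied struct or allocates one itself; IOBUF here is a simplified stand-in, and iop_alloc_sketch, allocated_here and heap_frees are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

#define INVALID_HANDLE (-1)   /* same sentinel name as in the patch hunk */

/* Hypothetical, simplified stand-in for gawk's IOBUF; not the real struct. */
typedef struct iobuf {
    int fd;
    const char *name;
} IOBUF;

static int heap_frees;        /* counts frees so the behaviour is observable */

/*
 * Fill in *iop for fd, allocating the struct only when the caller passes NULL.
 * On an invalid handle, release the struct only if this call allocated it:
 * a caller-supplied struct may be static or on the stack.
 */
IOBUF *iop_alloc_sketch(int fd, const char *name, IOBUF *iop)
{
    int allocated_here = 0;

    if (iop == NULL) {
        iop = malloc(sizeof *iop);
        if (iop == NULL)
            return NULL;
        allocated_here = 1;
    }
    memset(iop, 0, sizeof *iop);
    iop->fd = fd;
    iop->name = name;

    if (iop->fd == INVALID_HANDLE) {
        if (allocated_here) {     /* never free memory the caller owns */
            free(iop);
            heap_frees++;
        }
        return NULL;
    }
    return iop;
}

int main(void)
{
    static IOBUF static_buf;      /* caller-owned, constructed for this example */

    iop_alloc_sketch(INVALID_HANDLE, "ffffffff", &static_buf); /* no free */
    iop_alloc_sketch(INVALID_HANDLE, "ffffffff", NULL);        /* one free */
    return heap_frees == 1 ? 0 : 1;
}
```

Compared with deleting the free() outright, the ownership flag keeps the error path leak-free when the function did allocate.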



