Re: findutils-4.1 `locate` bug and patch.
From: Simon Fraser
Subject: Re: findutils-4.1 `locate` bug and patch.
Date: Mon, 18 Dec 2000 11:50:24 +0000 (GMT)
> Thanks for your bug report. There is an alpha release of findutils
> which is available from ftp://alpha.gnu.org/gnu. I believe that the
> bug you report is solved by this release. While there are fewer bugs
> in the alpha release of findutils, there are still a number of bugs.
I've tested 4.1.6, and it does fix this bug. Thanks for your help.
Simon.
>
> Simon Fraser <address@hidden> writes:
>
> > Hi,
> > I tickled a bug in locate on a few of our servers. The symptom report is
> > that locate will SEGV, seemingly at random. Investigation reveals that
> > this is due to a bug in get_short which fails to deal with a signed
> > offset. Since values greater than -127 are written out as a single char,
> > only encoded values which have an offset of less than -127 cause this bug
> > to appear.
> >
> > To extend the example from frcode.c:
> >
> > Encoding:
> > /usr/local/src
> > /usr/local/src/verylongpathnamewhichisnotuniqueforquitesometimehonestguvnorfoobarbazquuzwibblefredbarneyturnipwomblesplatfilenamenumber1foo
> > /usr/local/src/verylongpathnamewhichisnotuniqueforquitesometimehonestguvnorfoobarbazquuzwibblefredbarneyturnipwomblesplatfilenamenumber2foo
> > /usr/foo
> >
> > Gives:
> > 0 /usr/local/src
> > 14
> > /verylongpathnamewhichisnotuniqueforquitesometimehonestguvnorfoobarbazquuzwibblefredbarneyturnipwomblesplatfilenamenumber1foo
> > 122 2foo
> > -131 foo
> >
> > Reading /usr/foo from the locate database is controlled by lines 269 and
> > 270 of locate.c:
> >
> > if (c == LOCATEDB_ESCAPE)
> > count += get_short(fp);
> >
> > get_short misreads the two chars as unsigned, and returns a value
> > appropriately, 65535 minus the intended value. This causes count to be
> > incorrect, and count is used as an offset in the current path later on,
> > notably in getstr. The resultant error in pointer arithmetic causes the
> > segmentation violation.
> >
> > This can be fixed by replacing the contents of get_short:
> > --
> > register short x;
> >
> > x = fgetc (fp);
> > return (x << 8) | (fgetc (fp) & 0xff);
> > --
> > with:
> > --
> > char x[2]; /* two bytes, high byte first; signed char keeps the sign of x[0] */
> > fread((void *)&x,2,1,fp);
> > return ((x[0]<<8)|(x[1]&0xff));
> > --
> >
> > The downside to this is that x is no longer a register variable, as it's
> > not possible to apply the & operator to data held in a register. However,
> > it is only a single read operation instead of two, and does not have any
> > problems with signed values. put_short does not need to be modified, so
> > the fixed version works with existing locate databases.
> >
> > For reference the systems where this bug were discovered are both Sun
> > Sparcs, one an Ultra 5 running Solaris 2.6, the other an Ultra 60 running
> > Solaris 7. Both have findutils 4.1.
> >
> > Thanks,
> > Simon.
>
> --
> Kevin Dalley
> address@hidden
>
--
Simon Fraser address@hidden
-
We are either doing something, or we are not. 'Talking about'
is a subset of 'not'.
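The frcode stream from the quoted report, decoded with both readers, as an added example written for this page and not code from findutils: get_short_buggy reproduces the 4.1 behaviour, get_short_fixed is a portable replacement that does not depend on `char` being signed, and decode_paths refuses a count that leaves the previous path instead of indexing past it. The sample database and its count bytes are constructed for these exact strings; apart from LOCATEDB_ESCAPE, every name here is an assumption.

```c
#include <string.h>
#define LOCATEDB_ESCAPE 0x80   /* count byte announcing that a 16-bit count follows */
#define MAXLEN 256
/* findutils 4.1 reader: fgetc() yields 0..255, so the high byte is never
   sign-extended and the bytes FF 7D (-131) come back as 65405. */
int get_short_buggy(const unsigned char **p)
{
    short x = *(*p)++;
    return (x << 8) | (*(*p)++ & 0xff);
}
/* Portable fix: build the unsigned 16-bit value, then map it onto the signed
   range explicitly (the char x[2] version only works where 'char' is signed). */
int get_short_fixed(const unsigned char **p)
{
    unsigned int hi = *(*p)++, lo = *(*p)++, u = (hi << 8) | lo;
    return u >= 0x8000u ? (int)u - 0x10000 : (int)u;
}
/* Decode <count>[<short>]<suffix>NUL entries: each path is the first 'count'
   bytes of the previous path plus the suffix. Returns the path count, or -1
   if a count falls outside the previous path (the case in which 4.1 walked
   off its buffer instead of failing cleanly). */
int decode_paths(const unsigned char *db, size_t len,
                 int (*get_short)(const unsigned char **),
                 char out[][MAXLEN], int max)
{
    const unsigned char *p = db, *end = db + len;
    char path[MAXLEN] = "";
    int count = 0, n = 0, i;
    while (p < end && n < max) {
        int c = *p++;
        if (c != LOCATEDB_ESCAPE) count += c > 127 ? c - 256 : c;
        else if (end - p < 2) return -1;
        else count += get_short(&p);
        if (count < 0 || count > (int)strlen(path)) return -1;
        for (i = count; p < end && *p && i < MAXLEN - 1; i++) path[i] = (char)*p++;
        if (p == end) return -1;            /* suffix without terminating NUL */
        p++, path[i] = '\0';
        strcpy(out[n++], path);
    }
    return n;
}
/* Constructed database holding the report's four paths, with the count bytes
   computed for these exact strings: 0, 14, 121 and -130 (escape + FF 7E). */
#define LONG "/verylongpathnamewhichisnotuniqueforquitesometimehonestguvnor" \
             "foobarbazquuzwibblefredbarneyturnipwomblesplatfilenamenumber"
const unsigned char sample_db[] =
    "\x00" "/usr/local/src\0" "\x0e" LONG "1foo\0" "\x79" "2foo\0" "\x80\xff\x7e" "foo\0";
const size_t sample_db_len = sizeof sample_db - 1;   /* drop the literal's own NUL */
```

With the 4.1 reader the fourth entry's count becomes 135 + 65406, which the bounds check turns into a clean -1; with the fixed reader it becomes 5 and the fourth path decodes as /usr/foo.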