diff-2.7.7 crashes on /proc/<pid>/maps


From: Bruno Haible
Subject: diff-2.7.7 crashes on /proc/<pid>/maps
Date: Wed, 30 Jan 2002 14:59:02 +0100 (CET)

On Linux, /proc/<pid>/maps is somewhat special. stat() says that it's a
regular file of size 0, yet its contents are so large that they easily
overflow the buffer GNU diff prepares for storing its contents. (See
sample appended below).

Question: Is the kernel right in offering data of unknown size in the form
of a regular file? I had set the mode of /proc/<pid>/maps to pr--r--r--
some years ago, but since then some fellow hacker has removed the 'p'ipe flag.

Question: Is GNU diff right in assuming that the file contains no more
bytes than its size says? Any regular file could grow while diff is
running. After all, this situation is the entire purpose of "tail -f".

Bruno

--------------------------------------------------------------------------
$ cat /proc/self/maps > /tmp/xx
$ diff -c3 /tmp/xx /proc/self/maps 
Speicherzugriffsfehler (core dumped)

The backtrace:

(gdb) where
#0  0x400ac41a in chunk_free (ar_ptr=0x40156f00, p=0x8051bfe) at malloc.c:3227
#1  0x400ac0d9 in chunk_alloc (ar_ptr=0x40156f00, nb=256) at malloc.c:2706
#2  0x400ab861 in __libc_malloc (bytes=252) at malloc.c:2810
#3  0x8052c3f in xmalloc (n=252) at ../../lib/xmalloc.c:87
#4  0x804ef54 in find_identical_ends (filevec=0xbfffeef0) at ../../src/io.c:684
#5  0x804f35c in read_files (filevec=0xbfffeef0, pretend_binary=0)
    at ../../src/io.c:782
#6  0x804a79a in diff_2_files (cmp=0xbfffeef0) at ../../src/analyze.c:837
#7  0x804cd8f in compare_files (parent=0x0, name0=0xbffff34d "/tmp/xx", 
    name1=0xbffff355 "/proc/self/maps") at ../../src/diff.c:1291
#8  0x804c066 in main (argc=4, argv=0xbffff134) at ../../src/diff.c:717

So it's a malloc error. Let's see with libefence:

#0  prepare_text (current=0xbfffef80) at ../../src/io.c:503
503           p[buffered++] = '\n';
(gdb) where
#0  prepare_text (current=0xbfffef80) at ../../src/io.c:503
#1  0x804edd9 in find_identical_ends (filevec=0xbfffeed0) at ../../src/io.c:548
#2  0x804f35c in read_files (filevec=0xbfffeed0, pretend_binary=0)
    at ../../src/io.c:782
#3  0x804a79a in diff_2_files (cmp=0xbfffeed0) at ../../src/analyze.c:837
#4  0x804cd8f in compare_files (parent=0x0, name0=0xbffff32c "/tmp/xx", 
    name1=0xbffff334 "/proc/self/maps") at ../../src/diff.c:1291
#5  0x804c066 in main (argc=4, argv=0xbffff114) at ../../src/diff.c:717
(gdb) print *current
$1 = {desc = 6, name = 0xbffff380 "/proc/self/maps", stat = {st_dev = 2, 
    __pad1 = 0, __st_ino = 1937375245, st_mode = 33060, st_nlink = 1, 
    st_uid = 101, st_gid = 100, st_rdev = 0, __pad2 = 0, st_size = 0, 
    st_blksize = 1024, st_blocks = 0, st_atime = 1012012505, __unused1 = 0, 
    st_mtime = 1012012505, __unused2 = 0, st_ctime = 1012012505, 
    __unused3 = 0, st_ino = 1937375245}, buffer = 0x40308c00, bufsize = 1024, 
  buffered = 1024, linbuf = 0x0, linbuf_base = 0, buffered_lines = 0, 
  valid_lines = 0, alloc_lines = 0, prefix_end = 0x0, prefix_lines = 0, 
  suffix_begin = 0x0, equivs = 0x0, undiscarded = 0x0, realindexes = 0x0, 
  nondiscarded_lines = 0, changed = 0x0, missing_newline = false, eof = false, 
  equiv_max = 0}
(gdb) print buffered
$2 = 1024
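
Added example (not part of the original message and not GNU diff's code): a reader that treats st_size only as an allocation hint, reads until EOF, and keeps one byte spare for the trailing newline, which is the store that faults at io.c:503 above with bufsize = buffered = 1024. The names slurp_fd and demo_zero_hint are hypothetical, and the temp file is a constructed stand-in for a file whose stat() size is 0.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Read fd until EOF. size_hint (e.g. st_size) only sizes the first
   allocation and is never trusted as an upper bound. One spare byte is
   always kept so the caller can append a final '\n' without overflowing.
   Returns a malloc'd buffer and sets *len, or NULL on error. */
static char *slurp_fd(int fd, size_t size_hint, size_t *len)
{
    size_t cap = size_hint + 1, used = 0;   /* +1: reserved newline byte */
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        if (used + 1 >= cap) {              /* only the reserved byte left */
            size_t ncap = cap < 512 ? 1024 : cap * 2;
            char *nbuf = ncap > cap ? realloc(buf, ncap) : NULL;
            if (!nbuf) { free(buf); return NULL; }
            buf = nbuf; cap = ncap;
        }
        ssize_t n = read(fd, buf + used, cap - 1 - used);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); return NULL; }
        if (n == 0) break;                  /* EOF, not the hint, ends the loop */
        used += (size_t)n;
    }
    *len = used;
    return buf;
}

/* Constructed case: a temp file of n bytes read with a hint of 0, mimicking
   st_size = 0. Returns the length after appending '\n', or -1 on error. */
static long demo_zero_hint(size_t n)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    for (size_t i = 0; i < n; i++) fputc('a' + (int)(i % 26), f);
    size_t len = 0;
    char *buf = (fflush(f) == 0 && lseek(fileno(f), 0, SEEK_SET) == 0)
                    ? slurp_fd(fileno(f), 0, &len) : NULL;
    fclose(f);
    if (!buf) return -1;
    buf[len++] = '\n';                      /* lands in the reserved byte */
    free(buf);
    return (long)len;
}

int main(void) { printf("%ld\n", demo_zero_hint(5000)); return 0; }
```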



