[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[coreutils] [PATCH] sort: fix very-unlikely buffer overrun when merging
|
From: |
Paul Eggert |
|
Subject: |
[coreutils] [PATCH] sort: fix very-unlikely buffer overrun when merging to input file |
|
Date: |
Tue, 14 Dec 2010 11:14:15 -0800 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 |
This bug has been there for ages, I think. It's unrelated to
the other bugs recently discussed, but I found it by code inspection
while looking into the other ones. I don't see any practical
way to test for it. I pushed this:
* src/sort.c (avoid_trashing_input): Fix a typo that could cause a
buffer overrun in theory. In practice this is extremely unlikely,
as it requires running out of file descriptors in a small merge,
presumably because some other process is hogging all the OS's file
descriptors.
---
src/sort.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/sort.c b/src/sort.c
index 63162ea..3321ddb 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -3613,9 +3613,8 @@ avoid_trashing_input (struct sortfile *files, size_t
ntemps,
files[i].name = temp;
files[i].pid = pid;
- if (i + num_merged < nfiles)
- memmove (&files[i + 1], &files[i + num_merged],
- num_merged * sizeof *files);
+ memmove (&files[i + 1], &files[i + num_merged],
+ (nfiles - (i + num_merged)) * sizeof *files);
ntemps += 1;
nfiles -= num_merged - 1;;
i += num_merged;
--
1.7.2
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [coreutils] [PATCH] sort: fix very-unlikely buffer overrun when merging to input file,
Paul Eggert <=