[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#7357: csplit: memory exhausted when using stdout / pipe instead of a
From: |
Jim Meyering |
Subject: |
bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file |
Date: |
Wed, 10 Nov 2010 13:56:58 +0100 |
Pádraig Brady wrote:
...
> I just looked at the csplit code there,
> and it's more sophisticated than I expected.
> Therefore it seems this is just a plain old mem leak.
>
> diff --git a/src/csplit.c b/src/csplit.c
> index 40baba8..770f891 100644
> --- a/src/csplit.c
> +++ b/src/csplit.c
> @@ -418,6 +418,13 @@ get_new_buffer (size_t min_size)
> static void
> free_buffer (struct buffer_record *buf)
> {
> + struct line *l, *n;
> + for (l = buf->line_start; l;)
> + {
> + n = l->next;
> + free (l);
> + l = n;
> + }
> free (buf->buffer);
> buf->buffer = NULL;
> }
> @@ -542,6 +549,7 @@ remove_line (void)
> if (prev_buf)
> {
> free_buffer (prev_buf);
> + free (prev_buf);
> prev_buf = NULL;
> }
Good one. Thank you!
That looks fine and certainly belongs in the upcoming release.
Looking at that, I found yet another problem.
Here's all but the test, which will be done momentarily:
>From b6ab1ac32080060667dea3b864462b5535e2779d Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Wed, 10 Nov 2010 13:53:38 +0100
Subject: [PATCH] csplit: avoid buffer overrun when writing more than 999 files
Without this fix, seq 1000 | csplit - /./ '{*}' would write
the NUL-terminated file name, xx1000, into a buffer of size 6.
* src/csplit.c (main): Use properly sized file name buffer.
* NEWS (Bug fixes): Mention it.
---
NEWS | 4 ++++
src/csplit.c | 9 +++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 0cd6153..89ae5d6 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ GNU coreutils NEWS -*-
outline -*-
latent bug introduced in coreutils 8.1, and possibly a second latent
bug going at least as far back as coreutils 5.97]
+ csplit no longer corrupts heap when writing more than 999 files.
+ Demonstrate with: seq 1000 | csplit - /./ '{*}'
+ [the bug was present in the initial implementation]
+
tail -F once again notices changes in a currently unavailable
remote directory [bug introduced in coreutils-7.5]
diff --git a/src/csplit.c b/src/csplit.c
index 40baba8..57543f0 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -1372,10 +1372,11 @@ main (int argc, char **argv)
usage (EXIT_FAILURE);
}
- if (suffix)
- filename_space = xmalloc (strlen (prefix) + max_out (suffix) + 2);
- else
- filename_space = xmalloc (strlen (prefix) + digits + 2);
+ unsigned int max_digit_string_len
+ = (suffix
+ ? max_out (suffix)
+ : MAX (INT_STRLEN_BOUND (unsigned int), digits));
+ filename_space = xmalloc (strlen (prefix) + max_digit_string_len + 1);
set_input_file (argv[optind++]);
--
1.7.3.2.4.g60aa9
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Blinker| David Hofstee, 2010/11/09
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Pádraig Brady, 2010/11/09
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Pádraig Brady, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file,
Jim Meyering <=
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Pádraig Brady, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Jim Meyering, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Pádraig Brady, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Jim Meyering, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Pádraig Brady, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Bob Proulx, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Jim Meyering, 2010/11/11
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Paul Eggert, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Eric Blake, 2010/11/10
- bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file, Paul Eggert, 2010/11/10