[Toybox] Sigh. Anybody spot the bug?

Wed Jul 3 11:56:46 PDT 2013

Rob Landley wrote:
> Tail has a double free somewhere. (Aboriginal's more/buildall.sh is  
> complaining, that uses toybox in host-tools.) Haven't had time to track  
> it down yet, wondering if anybody else could spot it.
> 
>  From the behavior it's looking like it's on file close...
[...]

It seems reproducible when using tail on non-seekable files which are bigger
than count*sizeof(toybuf) and contain no newlines.

The following seems to fix it. I don't really understand the code though.

diff -r f8db1f6ec4ab toys/posix/tail.c

--- a/toys/posix/tail.c	Tue Jul 02 00:16:16 2013 -0500
+++ b/toys/posix/tail.c	Wed Jul 03 20:54:24 2013 +0200
@@ -168,7 +168,7 @@
         }
 
         if (lines) {
-          if(try[count] != '\n' && count != len-1) continue;
+          if(try[count] != '\n') continue;
           if (lines<0) {
             if (!++lines) ++lines;
             continue;


Felix

 1372877806.0
