[Toybox] Sigh. Anybody spot the bug?
Isaac
idunham at lavabit.com
Sat Jul 6 06:42:21 PDT 2013
On Wed, Jul 03, 2013 at 08:56:46PM +0200, Felix Janda wrote:
> Rob Landley wrote:
> > Tail has a double free somewhere. (Aboriginal's more/buildall.sh is
> > complaining, that uses toybox in host-tools.) Haven't had time to track
> > it down yet, wondering if anybody else could spot it.
> >
> > From the behavior it's looking like it's on file close...
> [...]
>
> It seems reproducible when using tail on non-seekable files which are bigger
> than count*sizeof(toybuf) and contain no newlines.
I presume this is with TAIL_SEEK=y.
I'm not sure what "count*sizeof(toybuf)" means since count is a loop counter.
Would a 4097-byte file with no \n cause it? Or 512*4096+1?
(I'm wanting to test the other proposed solution.)
> The following seems to fix it. I don't really understand the code though.
>
> diff -r f8db1f6ec4ab toys/posix/tail.c
> --- a/toys/posix/tail.c Tue Jul 02 00:16:16 2013 -0500
> +++ b/toys/posix/tail.c Wed Jul 03 20:54:24 2013 +0200
> @@ -168,7 +168,7 @@
> }
>
> if (lines) {
> - if(try[count] != '\n' && count != len-1) continue;
> + if(try[count] != '\n') continue;
> if (lines<0) {
> if (!++lines) ++lines;
> continue;
1373118141.0
More information about the Toybox
mailing list