[Toybox] Sigh. Anybody spot the bug?
Isaac
idunham at lavabit.com
Sat Jul 6 14:25:44 PDT 2013
On Sat, Jul 06, 2013 at 03:52:02PM +0200, Felix Janda wrote:
> Isaac wrote:
> > On Wed, Jul 03, 2013 at 08:56:46PM +0200, Felix Janda wrote:
> > > Rob Landley wrote:
> > > > Tail has a double free somewhere. (Aboriginal's more/buildall.sh is
> > > > complaining, that uses toybox in host-tools.) Haven't had time to track
> > > > it down yet, wondering if anybody else could spot it.
> > > >
> > > > From the behavior it's looking like it's on file close...
> > > [...]
> > >
> > > It seems reproducible when using tail on non-seekable files which are bigger
> > > than count*sizeof(toybuf) and contain no newlines.
> >
> > I presume this is with TAIL_SEEK=y.
>
> No. With TAIL_SEEK=n it's even easier to trigger. Just try to tail any large file.
>
> > I'm not sure what "count*sizeof(toybuf)" means since count is a loop counter.
> > Would a 4097-byte file with no \n cause it? Or 512*4096+1?
> > (I'm wanting to test the other proposed solution.)
>
> With count I meant the argument to the -n option (default 10). (Sorry for the
> confusion.) Just do a
>
> yes | paste -s | tail
>
> to trigger the bug.

Thanks.
A test for this might be good; perhaps something along the lines of

{ for i in `seq 4097`; do printf "a"; done; } |tail -n 1

with the other side being "$(for i in `seq 4097`; do printf "a"; done)"

AFAICT, the old code meant "each buffer end is treated as a line end",
which would appear to result in a high line count in some circumstances.

Isaac Dunham
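
Added example, not part of the original message or of toybox's own test suite: a regression check built on the test proposed above, extended to the count*4096+1 case from the quoted report. It assumes a 4096-byte buffer (the size used in the thread's numbers); TAIL, gen, check_tail and run_all are names made up for this sketch.

```shell
#!/bin/sh
# TAIL names the binary under test (assumption: defaults to "tail" on PATH).
TAIL=${TAIL:-tail}
BUF=4096   # assumed sizeof(toybuf), taken from the sizes quoted in the thread

# gen N: write N bytes of "a" with no newline anywhere.
gen() {
	dd if=/dev/zero bs="$1" count=1 2>/dev/null | tr '\0' a
}

# check_tail COUNT SIZE: feed SIZE bytes to "tail -n COUNT" through a pipe,
# so the input is non-seekable. Returns 0 only if tail exits cleanly (a
# double free normally aborts the process) and echoes the whole input back,
# which is the right answer for a single unterminated line.
check_tail() {
	out=$(mktemp) || return 2
	gen "$2" | "$TAIL" -n "$1" >"$out"
	status=$?
	want=$(gen "$2" | cksum)
	got=$(cksum <"$out")
	rm -f "$out"
	[ "$status" -eq 0 ] && [ "$want" = "$got" ]
}

# run_all: probe sizes around one buffer and just past COUNT buffers.
run_all() {
	fail=0
	for c in 1 10; do
		for size in $((BUF - 1)) $BUF $((BUF + 1)) $((c * BUF + 1)); do
			if check_tail "$c" "$size"; then
				echo "ok   tail -n $c, $size bytes"
			else
				echo "FAIL tail -n $c, $size bytes"
				fail=1
			fi
		done
	done
	return $fail
}

run_all
```

Run it as TAIL="toybox tail"-style wrapper script or with TAIL pointing at a single binary; a build with the "buffer end counts as line end" behaviour would show up as a checksum mismatch rather than a crash.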