[bug #48433] lkbib with empty file dumps core
From: Osamu Sayama
Subject: [bug #48433] lkbib with empty file dumps core
Date: Thu, 7 Jul 2016 07:02:34 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20100101 Firefox/17.0
URL:
<http://savannah.gnu.org/bugs/?48433>
Summary: lkbib with empty file dumps core
Project: GNU troff
Submitted by: sayama
Submitted on: Thu 07 Jul 2016 07:02:31 AM GMT
Severity: 3 - Normal
Item Group: Crash
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Details:
On Solaris, I received a bug report that lkbib dumps core with the following
operations.
---
% touch ./a.i
% LD_PRELOAD=libumem.so.1 UMEM_OPTIONS=backend=mmap \
UMEM_DEBUG=default,firewall=1 /usr/bin/lkbib -p ./a
Segmentation Fault (core dumped)
% pstack core
core 'core' of 1509: /usr/bin/lkbib -p ./a
00000000004094fa __1cRindex_search_itemEload6Mi_i_ () + 10a
0000000000409ad0 __1cWmake_index_search_item6Fpkci_pnLsearch_item__ () + e0
000000000040ea47 __1cLsearch_listIadd_file6Mpkci_v_ () + 27
0000000000408614 main () + f4
00000000004083a4 ???????? ()
---
It looks like this core dump occurs at the following point.
---
src/libs/libbib/index.cpp
;
int index_search_item::load(int fd)
:
mtime = sb.st_mtime;
int size = int(sb.st_size); <= size is 0
:
map_addr = mapread(fd, size);
:
else {
addr = buffer = (char *)malloc(size); <= malloc(0)
:
header = *(index_header *)addr; <= Segv
---
From the specification of malloc() in the standard (e.g., C11),
---
I can see the C11 draft version at
http://open-std.org/JTC1/SC22/WG14/www/docs/n1548.pdf
p 347 7.22.3 Memory management functions
--
If the size of the space requested is zero, the behavior is
implementation-defined: either a null pointer is returned, or the behavior
is as if the size were some nonzero value, except that the returned pointer
shall not be used to access an object.
---
There is the possibility that it returns a pointer that shall not be used to
access an object on some platforms. So I think it's good to check the size of
the file to avoid the core dump.
---
--- groff-1.22.3/src/libs/libbib/index.cpp.org 2014-11-04 17:38:35.183524522
+0900
+++ groff-1.22.3/src/libs/libbib/index.cpp 2016-07-07 09:41:11.572149218
+0900
@@ -158,6 +158,10 @@
}
mtime = sb.st_mtime;
int size = int(sb.st_size);
+ if (size == 0) {
+ error("`%1' is an empty file", name);
+ return 0;
+ }
char *addr;
map_addr = mapread(fd, size);
if (map_addr) {
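Review bot: the `size == 0` guard still lets a file shorter than the header through to `header = *(index_header *)addr;` (shown in the excerpt above), so a truncated index of a few bytes would read past the end of the buffer exactly as the empty file does now. Consider checking against the header size rather than only zero, for example `if (size < int(sizeof(index_header))) {`, while keeping the "empty file" message for the `size == 0` case so the report's symptom stays recognisable to users.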
---
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?48433>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
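To show the pattern the report describes and a loader that rejects it, here is an added example. It is not groff's index.cpp and not part of the bug report: example_header, EXAMPLE_MAGIC, load_index and load_from_bytes are hypothetical stand-ins for index_header and index_search_item::load. It goes beyond the patch above by also rejecting files shorter than the header, since the dereference `*(index_header *)addr` needs at least sizeof(index_header) bytes, not merely a non-zero size.

```c
/* Added example, not groff's code: a loader that validates st_size before
 * malloc() and before casting the buffer to a header. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical fixed-size header; groff's real index_header differs. */
typedef struct {
    uint32_t magic;
    uint32_t tags;
    uint32_t lists;
    uint32_t table_size;
} example_header;

#define EXAMPLE_MAGIC 0x58444e49u /* constructed value, not groff's */

enum load_status {
    LOAD_OK = 0,
    LOAD_EMPTY = 1,     /* st_size == 0: the case in bug #48433 */
    LOAD_TRUNCATED = 2, /* shorter than the header we are about to read */
    LOAD_BAD_MAGIC = 3,
    LOAD_IO_ERROR = 4
};

/* Same shape as index_search_item::load (fstat, malloc(size), read, cast),
 * but with the size checks the original lacks. */
int load_index(int fd, example_header *out)
{
    struct stat sb;
    if (fstat(fd, &sb) < 0)
        return LOAD_IO_ERROR;
    /* Reject before malloc(0): C11 7.22.3 makes its result implementation-defined. */
    if (sb.st_size == 0)
        return LOAD_EMPTY;
    /* A size-0 check alone would still let a 3-byte file reach the header cast. */
    if (sb.st_size < 0 || (uintmax_t)sb.st_size < sizeof(example_header))
        return LOAD_TRUNCATED;
    size_t size = (size_t)sb.st_size;
    unsigned char *buf = malloc(size);
    if (!buf)
        return LOAD_IO_ERROR;
    size_t got = 0;
    while (got < size) {
        ssize_t n = read(fd, buf + got, size - got);
        if (n <= 0) { free(buf); return LOAD_IO_ERROR; } /* short file or error */
        got += (size_t)n;
    }
    example_header h;
    memcpy(&h, buf, sizeof h); /* memcpy instead of *(T *)buf: no alignment assumption */
    free(buf);
    if (h.magic != EXAMPLE_MAGIC)
        return LOAD_BAD_MAGIC;
    if (out)
        *out = h;
    return LOAD_OK;
}

/* Test helper: write constructed bytes to a temporary file and load it. */
int load_from_bytes(const unsigned char *data, size_t len, example_header *out)
{
    FILE *f = tmpfile();
    if (!f)
        return LOAD_IO_ERROR;
    if (len && fwrite(data, 1, len, f) != len) { fclose(f); return LOAD_IO_ERROR; }
    fflush(f);
    rewind(f); /* fseek also resets the fd offset that read() will use */
    int rc = load_index(fileno(f), out);
    fclose(f);
    return rc;
}

int main(void)
{
    /* Constructed inputs: the report's empty file, a truncated one, a valid one. */
    unsigned char truncated[3] = { 1, 2, 3 };
    example_header valid = { EXAMPLE_MAGIC, 7, 8, 9 };
    printf("empty file     -> %d\n", load_from_bytes(NULL, 0, NULL));
    printf("3-byte file    -> %d\n", load_from_bytes(truncated, sizeof truncated, NULL));
    printf("valid header   -> %d\n", load_from_bytes((const unsigned char *)&valid, sizeof valid, NULL));
    return 0;
}
```

The status codes let the caller distinguish the empty-file case the report hit from a truncated or corrupt index, which is what an `error()` message such as the patch's needs to be accurate.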