Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Jim Meyering <jim <at> meyering.net>
Subject: Re: [Bug 220312] New: /bin/cut dumps core when searching for non-existent field in multiple files
Newsgroups: gmane.comp.gnu.core-utils.bugs
Date: Wednesday 20th December 2006 13:28:42 UTC (over 10 years ago)
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220312
>
>            Summary: /bin/cut dumps core when searching for non-existent
>                     field in multiple files
>            Product: Fedora Core
>            Version: fc6
>           Platform: All
>         OS/Version: Linux
>             Status: NEW
>          Component: coreutils
>
> The /bin/cut command core dumps when used to search multiple files for a
> non-existent field...
>
> # create 2 files with 1 field apiece
> echo 1 > a
> echo 1 > b
> cut -f1 *    # works
> cut -f1- *   # works
> cut -f2 *    # works
> cut -f2- a   # works, although there is only 1 field in the file
> cut -f2- a b # fails (see below)
>
>> cut -f2- *
> 1
> 1
> *** glibc detected *** cut: double free or corruption (fasttop):
0x09fce1b0 ***
> ======= Backtrace: =========

Thank you for the bug report!
It affects even the latest upstream: coreutils-6.7.
Here's the fix I've just committed:

2006-12-20  Jim Meyering  <[email protected]>

	"cut -f 2- A B" no longer triggers a double-free bug
	* src/cut.c (cut_fields): Set file-scoped global to NULL after
	freeing it.  This avoids a double-free (and core dump on some systems)
	for this usage: "echo 1>a; echo 2>b; cut -f2- a b".  Reported by
	James Hunt in <http://bugzilla.redhat.com/220312>.
	* NEWS: List this bug fix.
	* THANKS: Mention him.
	* tests/misc/cut: New file.
	* tests/misc/Makefile.am (TESTS): Add cut.

diff --git a/NEWS b/NEWS
index 528c2b0..d4e73a8 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ GNU coreutils NEWS                                   
-*- outline -*-
   chmod no longer fails in an environment (e.g., a chroot) with openat
   support but with insufficient /proc support.

+  cut no longer dumps core for usage like "cut -f2- f1 f2" with two or
+  more file arguments.  This was due to a double-free bug, introduced
+  in coreutils-5.3.0.
+
 * Noteworthy changes in release 6.7 (2006-12-08) [stable]

 ** Bug fixes
diff --git a/THANKS b/THANKS
index 986167d..fb49eca 100644
--- a/THANKS
+++ b/THANKS
@@ -208,6 +208,7 @@ Ivo Timmermans                      [email protected]
 James                               [email protected]
 James Antill                       
[email protected]
 James Lemley                        [email protected]
+James Hunt                          [email protected]
 James Sneeringer                    [email protected]
 James Tanis                         [email protected]
 James Youngman                      [email protected]
diff --git a/src/cut.c b/src/cut.c
index 73277fa..c9b8359 100644
--- a/src/cut.c
+++ b/src/cut.c
@@ -606,6 +606,7 @@ cut_fields (FILE *stream)
 	  if (len < 0)
 	    {
 	      free (field_1_buffer);
+	      field_1_buffer = NULL;
 	      if (ferror (stream) || feof (stream))
 		break;
 	      xalloc_die ();
diff --git a/tests/misc/Makefile.am b/tests/misc/Makefile.am
index 8ff26e7..20ebeeb 100644
--- a/tests/misc/Makefile.am
+++ b/tests/misc/Makefile.am
@@ -36,6 +36,7 @@ TESTS_ENVIRONMENT = \
 # will execute the test script rather than the standard utility.

 TESTS = \
+  cut \
   wc-files0-from \
   wc-files0 \
   cat-proc \
diff --git a/tests/misc/cut b/tests/misc/cut
new file mode 100755
index 0000000..3db4c9b
--- /dev/null
+++ b/tests/misc/cut
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Test "cut".                                                   -*- perl
-*-
+
+# Copyright (C) 2006 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+: ${PERL=perl}
+: ${srcdir=.}
+
+$PERL -e 1 > /dev/null 2>&1 || {
+  echo 1>&2 "$0: configure didn't find a usable version of Perl," \
+    "so can't run this test"
+  exit 77
+}
+
+exec $PERL -w -I$srcdir/.. -MCoreutils -- - <<\EOF
+require 5.003;
+use strict;
+
+(my $ME = $0) =~ s|.*/||;
+
+# Turn off localisation of executable's ouput.
[email protected]{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+
+my @Tests =
+  (
+  # Provoke a double-free in cut from coreutils-6.7.
+  ['dbl-free', '-f2-', {IN=>{f=>'x'}}, {IN=>{g=>'y'}}, {OUT=>"x\ny\n"}],
+  );
+
+my $save_temps = $ENV{DEBUG};
+my $verbose = $ENV{VERBOSE};
+
+my $prog = 'cut';
+my $fail = run_tests ($ME, $prog, \@Tests, $save_temps, $verbose);
+exit $fail;
+EOF
 
CD: 4ms