GNU logs - #76613, boring messages

Message sent to bug-diffutils@HIDDEN:

Subject: bug#76613: diff -y crashes with apparent memory corruption
Resent-From: "Nick Smallbone" <nick@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-diffutils@HIDDEN
Resent-Date: Thu, 27 Feb 2025 17:59:03 +0000
Resent-Message-ID: <handler.76613.B.174067908414711 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: 76613 <at> debbugs.gnu.org
Feedback-ID: ic1c842cf:Fastmail
MIME-Version: 1.0
Date: Thu, 27 Feb 2025 11:04:03 +0100
From: "Nick Smallbone" <nick@HIDDEN>
Message-Id: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=103.168.172.149; envelope-from=nick@HIDDEN;
 helo=fout-a6-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.7 (/)
X-Mailman-Approved-At: Thu, 27 Feb 2025 12:58:01 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.3 (/)

Hi,

I'm running diffutils-3.11, downloaded from ftp.gnu.org and built with ./configure && make (no options given).

I'm seeing the problem that diff -y is crashing with various malloc-related errors. Here is an example. First I create two files a and b like so:

% seq 1 100 > a
% seq 1 100 | grep -v 50 > b

Then I run diff -y a b, which crashes with an error in free():

% diff -y a b
free(): corrupted unsorted chunks
zsh: IOT instruction  src/diff -y ~/a ~/b

I haven't looked into the source to find out the problem, but I did compile a debug build and run it under Valgrind. It detected some memory corruption - here is the report:

==9602== Memcheck, a memory error detector
==9602== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9602== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9602== Command: src/diff -y /home/nick/a /home/nick/b
==9602== 
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602== 
--9602-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9602-- si_code=1;  Faulting address: 0x9622BA0;  sp: 0x1002cf6e20

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==9602==    at 0x5804AE1F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58004E0C: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58005203: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58097E37: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x580E1E1A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 9602)
==9602==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==9602==    by 0x4160B0: icalloc (ialloc.h:91)
==9602==    by 0x41D239: xicalloc (xmalloc.c:304)
==9602==    by 0x41D1E7: xizalloc (xmalloc.c:289)
==9602==    by 0x405E39: diff_2_files (analyze.c:529)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFEDA0
valgrind stack range: [0x1002BF7000 0x1002CF6FFF] top usage: 7272 of 1048576

Nick

Message sent:

Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: "Nick Smallbone" <nick@HIDDEN>
Subject: bug#76613: Acknowledgement (diff -y crashes with apparent memory
 corruption)
Message-ID: <handler.76613.B.174067908414711.ack <at> debbugs.gnu.org>
References: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
X-Gnu-PR-Message: ack 76613
X-Gnu-PR-Package: diffutils
Reply-To: 76613 <at> debbugs.gnu.org
Date: Thu, 27 Feb 2025 17:59:03 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-diffutils@HIDDEN

If you wish to submit further information on this problem, please
send it to 76613 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
76613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D76613
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

Message sent to bug-diffutils@HIDDEN:

Subject: bug#76613: [bug-diffutils] bug#76613: diff -y crashes with apparent memory corruption
Resent-From: Paul Eggert <eggert@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-diffutils@HIDDEN
Resent-Date: Thu, 27 Feb 2025 19:14:03 +0000
Resent-Message-ID: <handler.76613.B76613.174068359630649 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: Nick Smallbone <nick@HIDDEN>
Cc: 76613 <at> debbugs.gnu.org
Message-ID: <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN>
Date: Thu, 27 Feb 2025 11:13:06 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
References: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Content-Language: en-US
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
In-Reply-To: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: list
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

Thanks for the bug report. I can reproduce it with gcc 
-fsanitize=address on Ubuntu 24.10 x86-64. I plan to take a look at it soon.

Message sent to bug-diffutils@HIDDEN:

Subject: bug#76613: [bug-diffutils] bug#76613: bug#76613: diff -y crashes with apparent memory corruption
Resent-From: Collin Funk <collin.funk1@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-diffutils@HIDDEN
Resent-Date: Fri, 28 Feb 2025 04:37:03 +0000
Resent-Message-ID: <handler.76613.B76613.174071737432613 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: Paul Eggert <eggert@HIDDEN>
Cc: 76613 <at> debbugs.gnu.org, Nick Smallbone <nick@HIDDEN>
From: Collin Funk <collin.funk1@HIDDEN>
In-Reply-To: <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN>
References: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
 <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN>
Date: Thu, 27 Feb 2025 20:35:57 -0800
Message-ID: <87a5a6wus2.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Precedence: list
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Paul,

Paul Eggert <eggert@HIDDEN> writes:

> Thanks for the bug report. I can reproduce it with gcc
> -fsanitize=3Daddress on Ubuntu 24.10 x86-64. I plan to take a look at it
> soon.

I see -fsanitize=3Daddress and valgrind fail this test starting at this
commit f54e901c329ba7b7d98ecae2571712f43444c2bd:

    maint: use xpalloc=20=20=20=20
    * bootstrap.conf (gnulib_modules): Add ialloc, to document
    the now-direct dependency.
    * src/diff.c (add_regexp):
    * src/diff3.c (read_diff):
    * src/dir.c (dir_read):
    * src/io.c (slurp, find_and_hash_each_line, find_identical_ends):
    * src/sdiff.c (diffarg):
    Prefer xpalloc to doing it by hand.
    * src/io.c: Include ialloc.h, for irealloc.
    (equivs_alloc): Now idx_t, not lin, for xpalloc.
    (sip): Don=E2=80=99t bother subtracting 2 * sizeof (word) from the
    buffer_lcm upper bound, as later code works anyway now.
    (slurp): Simplify buffer allocation so that xpalloc can be used.
    Use irealloc for speculative reallocation, since the code could
    work anyway if the irealloc fails.  Use current->eof to check
    for EOF, rather than the less-intuitive buffer size checks.

The previous commit passes it. Here are the relevant lines:

@@ -419,17 +411,16 @@ find_and_hash_each_line (struct file_data *current)
       /* Maybe increase the size of the line table.  */
       if (line =3D=3D alloc_lines)
         {
-          /* Double (alloc_lines - linbuf_base) by adding to alloc_lines. =
 */
-          if (IDX_MAX / 3 <=3D alloc_lines
-              || IDX_MAX / sizeof *cureqs <=3D 2 * alloc_lines - linbuf_ba=
se
-              || IDX_MAX / sizeof *linbuf <=3D alloc_lines - linbuf_base)
-            xalloc_die ();
-          alloc_lines =3D 2 * alloc_lines - linbuf_base;
-          cureqs =3D xirealloc (cureqs, alloc_lines * sizeof *cureqs);
+         idx_t eqs_max =3D MIN (LIN_MAX, IDX_MAX / sizeof *cureqs);
+
+         /* Grow (alloc_lines - linbuf_base) by adding to alloc_lines.  */
+         idx_t n =3D alloc_lines - linbuf_base;
           linbuf +=3D linbuf_base;
-          linbuf =3D xirealloc (linbuf,
-                             (alloc_lines - linbuf_base) * sizeof *linbuf);
+         linbuf =3D xpalloc (linbuf, &n, 1, eqs_max - linbuf_base,
+                           sizeof *linbuf);
           linbuf -=3D linbuf_base;
+         alloc_lines =3D linbuf_base + n;
+          cureqs =3D xirealloc (cureqs, alloc_lines * sizeof *cureqs);
         }
       linbuf[line] =3D ip;
       cureqs[line] =3D i;
@@ -445,16 +436,13 @@ find_and_hash_each_line (struct file_data *current)
          so that we can compute the length of any buffered line.  */
       if (line =3D=3D alloc_lines)
         {
-          /* Double (alloc_lines - linbuf_base) by adding to alloc_lines. =
 */
-          if (IDX_MAX / 3 <=3D alloc_lines
-              || IDX_MAX / sizeof *cureqs <=3D 2 * alloc_lines - linbuf_ba=
se
-              || IDX_MAX / sizeof *linbuf <=3D alloc_lines - linbuf_base)
-            xalloc_die ();
-          alloc_lines =3D 2 * alloc_lines - linbuf_base;
-          linbuf +=3D linbuf_base;
-          linbuf =3D xirealloc (linbuf,
-                             (alloc_lines - linbuf_base) * sizeof *linbuf);
-          linbuf -=3D linbuf_base;
+         /* Grow (alloc_lines - linbuf_base) by adding to alloc_lines.  */
+         idx_t n =3D alloc_lines - linbuf_base;
+         linbuf +=3D linbuf_base;
+         linbuf =3D xpalloc (linbuf, &n, 1, MAX (0, IDX_MAX - linbuf_base),
+                           sizeof *linbuf);
+         linbuf -=3D linbuf_base;
+         alloc_lines =3D n - linbuf_base;
         }
       linbuf[line] =3D p;

In the original version alloc_lines is calculated as
2 * alloc_lines - linbuf_base in both hunks. Afterwards it is
linbuf_base + n in one section and n - linbuf_base in the other.

I've attached a patch that satisfies sanitizers, but maybe I am missing
something in this code...

Collin


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-diff-fix-allocation-size-computation-that-could-caus.patch

From 03e529dd69d50c247a217b9b659659538dfa397a Mon Sep 17 00:00:00 2001
From: Collin Funk <collin.funk1@HIDDEN>
Date: Thu, 27 Feb 2025 20:15:55 -0800
Subject: [PATCH] diff: fix allocation size computation that could cause bad
 writes

Reported by Nick Smallbone <nick@HIDDEN> in:
<https://lists.gnu.org/r/bug-diffutils/2025-02/msg00012.html>.

* src/io.c (find_and_hash_each_line): Fix size computation.
---
 src/io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/io.c b/src/io.c
index a62c529..adb4f50 100644
--- a/src/io.c
+++ b/src/io.c
@@ -1012,7 +1012,7 @@ find_and_hash_each_line (struct file_data *current)
 	  linbuf += linbuf_base;
 	  linbuf = xpalloc (linbuf, &n, 1, -1, sizeof *linbuf);
 	  linbuf -= linbuf_base;
-	  alloc_lines = n - linbuf_base;
+          alloc_lines = linbuf_base + n;
         }
       linbuf[line] = p;
 
-- 
2.48.1


--=-=-=--

Message sent:

MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Paul Eggert <eggert@HIDDEN>
Subject: bug#76613: closed (diff -y crashes with apparent memory corruption)
CC: tracker <at> debbugs.gnu.org
Message-ID: <handler.76613.D76613.174081338023299.ackdone <at> debbugs.gnu.org>
References: <93e018b2-adc6-458c-924b-0938aeb90d0f@HIDDEN>
 <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
X-Gnu-PR-Message: closed 76613
X-Gnu-PR-Package: diffutils
Date: Sat, 01 Mar 2025 07:17:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1740813422-23502-0"

This is a multi-part message in MIME format...

------------=_1740813422-23502-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8

Your message dated Fri, 28 Feb 2025 23:16:07 -0800
with message-id <93e018b2-adc6-458c-924b-0938aeb90d0f@HIDDEN>
and subject line Re: [bug-diffutils] bug#76613: bug#76613: diff -y crashes =
with apparent memory corruption
has caused the debbugs.gnu.org bug report #76613,
regarding diff -y crashes with apparent memory corruption
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@HIDDEN)


--=20
76613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D76613
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

------------=_1740813422-23502-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 27 Feb 2025 17:58:04 +0000
Received: from localhost ([127.0.0.1]:37443 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tni95-0003p6-F4
	for submit <at> debbugs.gnu.org; Thu, 27 Feb 2025 12:58:04 -0500
Received: from lists.gnu.org ([2001:470:142::17]:45562)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <nick@HIDDEN>) id 1tnal5-0004ab-Bt
 for submit <at> debbugs.gnu.org; Thu, 27 Feb 2025 05:04:49 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nick@HIDDEN>) id 1tnakv-0000Fd-T4
 for bug-diffutils@HIDDEN; Thu, 27 Feb 2025 05:04:38 -0500
Received: from fout-a6-smtp.messagingengine.com ([103.168.172.149])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nick@HIDDEN>) id 1tnakt-0005bb-VH
 for bug-diffutils@HIDDEN; Thu, 27 Feb 2025 05:04:37 -0500
Received: from phl-compute-01.internal (phl-compute-01.phl.internal
 [10.202.2.41])
 by mailfout.phl.internal (Postfix) with ESMTP id B6C0F1382F1D
 for <bug-diffutils@HIDDEN>; Thu, 27 Feb 2025 05:04:31 -0500 (EST)
Received: from phl-imap-04 ([10.202.2.82])
 by phl-compute-01.internal (MEProxy); Thu, 27 Feb 2025 05:04:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smallbone.se; h=
 cc:content-transfer-encoding:content-type:content-type:date:date
 :from:from:in-reply-to:message-id:mime-version:reply-to:subject
 :subject:to:to; s=fm3; t=1740650671; x=1740737071; bh=AvXOEXJDLv
 x5xdcpmZd3zsUJhxU0/AE5R+49ASmCwN0=; b=aSMbJodZ3xg3PbwHWdttq6gkqE
 2ibD5Xezw7rMucl2i/d42joZ4SWgCKSB0UCPgHTwAFjolgnH83Osr2jVEE734QlJ
 w7YZ5ENmo6yxb47gDez+ASkXNM1vQ17lPCuNerclfBbRMA9A3EarhvR45YpvAQEi
 9WOhg1jTW79+tmbRVwXZ+fc+zrnu9waaA+SxuN1DHTTpcnmqYPDYpGkbdNy5s4X7
 JgtaTREi749e7mdFKsTRAn7lEQhxbKvAUKhpOjMCkB2rc0yM54apTMAUgtvunCcp
 7pvNEMepCUR3WmBWWfmQeSbGu7r4usNPFV1mMgSPs8o5tKj+eqeOSIksAx1Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:message-id:mime-version:reply-to:subject:subject:to
 :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
 1740650671; x=1740737071; bh=AvXOEXJDLvx5xdcpmZd3zsUJhxU0/AE5R+4
 9ASmCwN0=; b=My5M0pcyz99LFAjaJIb4yh4FXjCwtAm9JW/e7+JqbZhJpW7WWux
 ZTaxVmzEM9g5OZwD0rcpz+0DN/m636GSzj01VdCGx8wbcWOcWYWl4grnOn+CFVK+
 USbUOnGE9KFlLqbZibOnwphZQnbiVe28qNUrx6uxGtWq1Gvomglme88x5smty30O
 Pwikchh9BnXngjsoGrAD9VS66qHr4yn3iIKQFZpwxPLPyJOp/pJ77z0KL6NasYok
 joSADc7EJPHfdR/per7pWqnsgZJRibCcjevzZiqT+JF2BEhnKmuuZktcCDyOICZ5
 4ckP1/gSmLasT72DZSi5x0L9FpzKpobblVg==
X-ME-Sender: <xms:rzjAZxBC6cjC407CDm3ukz_RwB76mDBKPbuoJchuFu4UQtE9m5kVAA>
 <xme:rzjAZ_icYSuxHI2ZDQqzz1xdxIei6MrgUwIvyyIxwE3fUIFXvdSgmXrV6jbWxY82D
 zdX2mJiUYQM2apWbg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdekjedukecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
 uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepofggff
 fhvffkufgtgfesthejredtredttdenucfhrhhomhepfdfpihgtkhcuufhmrghllhgsohhn
 vgdfuceonhhitghksehsmhgrlhhlsghonhgvrdhsvgeqnecuggftrfgrthhtvghrnhepff
 dugffghfekteehfffhjeeiteejhfdvffffuefhudfgledviefggfdtvdegvdetnecuffho
 mhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe
 hmrghilhhfrhhomhepnhhitghksehsmhgrlhhlsghonhgvrdhsvgdpnhgspghrtghpthht
 ohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepsghughdqughifhhfuhhtih
 hlshesghhnuhdrohhrgh
X-ME-Proxy: <xmx:rzjAZ8n9luerjGATVovW4O0OKb0e09VuHwfkfb6bxKNl7trE72Eu1g>
 <xmx:rzjAZ7wQfMustD_DV_vQPzliBGbvdcBXRPRPDHWghdKWhu0FVBpGcg>
 <xmx:rzjAZ2TMb8yGzf-2AFz7KljBdOQptJkTlNcjS2ZPZKr1sTZQGICpHg>
 <xmx:rzjAZ-Z6UiI4UpbgFqzgKRTUmA12Wi6LfkaVV_8iVOXyOeRXm6YChQ>
 <xmx:rzjAZ_6qcE_XVYzM-s2VEtzU0Sh6HXD1CQ1LoiIIWgahzyec-GABG7qQ>
Feedback-ID: ic1c842cf:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501)
 id 5BA852E60088; Thu, 27 Feb 2025 05:04:31 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Thu, 27 Feb 2025 11:04:03 +0100
From: "Nick Smallbone" <nick@HIDDEN>
To: bug-diffutils@HIDDEN
Message-Id: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Subject: diff -y crashes with apparent memory corruption
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=103.168.172.149; envelope-from=nick@HIDDEN;
 helo=fout-a6-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Thu, 27 Feb 2025 12:58:01 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.3 (/)

Hi,

I'm running diffutils-3.11, downloaded from ftp.gnu.org and built with ./configure && make (no options given).

I'm seeing the problem that diff -y is crashing with various malloc-related errors. Here is an example. First I create two files a and b like so:

% seq 1 100 > a
% seq 1 100 | grep -v 50 > b

Then I run diff -y a b, which crashes with an error in free():

% diff -y a b
free(): corrupted unsorted chunks
zsh: IOT instruction  src/diff -y ~/a ~/b

I haven't looked into the source to find out the problem, but I did compile a debug build and run it under Valgrind. It detected some memory corruption - here is the report:

==9602== Memcheck, a memory error detector
==9602== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9602== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9602== Command: src/diff -y /home/nick/a /home/nick/b
==9602== 
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602== 
--9602-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9602-- si_code=1;  Faulting address: 0x9622BA0;  sp: 0x1002cf6e20

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==9602==    at 0x5804AE1F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58004E0C: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58005203: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58097E37: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x580E1E1A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 9602)
==9602==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==9602==    by 0x4160B0: icalloc (ialloc.h:91)
==9602==    by 0x41D239: xicalloc (xmalloc.c:304)
==9602==    by 0x41D1E7: xizalloc (xmalloc.c:289)
==9602==    by 0x405E39: diff_2_files (analyze.c:529)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFEDA0
valgrind stack range: [0x1002BF7000 0x1002CF6FFF] top usage: 7272 of 1048576

Nick



------------=_1740813422-23502-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 76613-done) by debbugs.gnu.org; 1 Mar 2025 07:16:20 +0000
Received: from localhost ([127.0.0.1]:59684 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1toH59-00063i-KS
	for submit <at> debbugs.gnu.org; Sat, 01 Mar 2025 02:16:19 -0500
Received: from mail.cs.ucla.edu ([131.179.128.66]:42680)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <eggert@HIDDEN>)
 id 1toH56-000636-MI
 for 76613-done <at> debbugs.gnu.org; Sat, 01 Mar 2025 02:16:17 -0500
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id 7A5FB3C01EBA1;
 Fri, 28 Feb 2025 23:16:09 -0800 (PST)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id TpQAPAHZicmr; Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id 5CDFE3C01EBA3;
 Fri, 28 Feb 2025 23:16:07 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 5CDFE3C01EBA3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
 s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1740813367;
 bh=7t4WHBnfZiCBKNR79JnlX3UqI7Bqmxo7AJvG5WIgtEE=;
 h=Message-ID:Date:MIME-Version:To:From;
 b=I2OPpteRkXBNs2durO5C9cAS3uvquUpPJOH0n6HrUjdiGIhrI28iwNbPcVjroPR17
 JAOJSVofLFitlsq9WQWeciUIAAD5liGXcSP+aHsNwrbvyV+AOUetA8KHDUdjlHNKBO
 eWosXEcxw1iqEh9P7upnpQbN+rbuQGOzN30ltBOW9d9a++/nACkd1bQqKFl+B9Jnor
 jZ0aGWdX0i+gpp2ASGdrKGFfEQiaKt8/5/OvyY0OfUY1V2zxNeQqRtxyE+/F0YoSV0
 ixVGAxbDLRDhxEumGvHHLVdXDjKjRnoKe50PfHwOx81l0aonCFLdtOy0BllAA+vQDY
 G+eGQv+kEWT/Q==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id QV0FWPgcGlvr; Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Received: from [192.168.254.12] (unknown [47.147.225.25])
 by mail.cs.ucla.edu (Postfix) with ESMTPSA id 3CA343C01EBA1;
 Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Message-ID: <93e018b2-adc6-458c-924b-0938aeb90d0f@HIDDEN>
Date: Fri, 28 Feb 2025 23:16:07 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bug-diffutils] bug#76613: bug#76613: diff -y crashes with
 apparent memory corruption
To: Collin Funk <collin.funk1@HIDDEN>
References: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
 <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN> <87a5a6wus2.fsf@HIDDEN>
Content-Language: en-US
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
In-Reply-To: <87a5a6wus2.fsf@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 76613-done
Cc: 76613-done <at> debbugs.gnu.org, Nick Smallbone <nick@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On 2025-02-27 20:35, Collin Funk wrote:
> I've attached a patch that satisfies sanitizers

Thanks, that looks good, and I installed that one-line change along with 
a NEWS file notice and a test case. And thanks to Nick for reporting 
this. Closing the bug report.


------------=_1740813422-23502-0--

Message sent:

MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: "Nick Smallbone" <nick@HIDDEN>
Subject: bug#76613: closed (Re: [bug-diffutils] bug#76613: bug#76613: diff
 -y crashes with apparent memory corruption)
Message-ID: <handler.76613.D76613.174081338023299.notifdone <at> debbugs.gnu.org>
References: <93e018b2-adc6-458c-924b-0938aeb90d0f@HIDDEN>
 <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
X-Gnu-PR-Message: they-closed 76613
X-Gnu-PR-Package: diffutils
Reply-To: 76613 <at> debbugs.gnu.org
Date: Sat, 01 Mar 2025 07:17:03 +0000
Content-Type: multipart/mixed; boundary="----------=_1740813423-23502-1"

This is a multi-part message in MIME format...

------------=_1740813423-23502-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#76613: diff -y crashes with apparent memory corruption

which was filed against the diffutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 76613 <at> debbugs.gnu.org.

--=20
76613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D76613
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

------------=_1740813423-23502-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 76613-done) by debbugs.gnu.org; 1 Mar 2025 07:16:20 +0000
Received: from localhost ([127.0.0.1]:59684 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1toH59-00063i-KS
	for submit <at> debbugs.gnu.org; Sat, 01 Mar 2025 02:16:19 -0500
Received: from mail.cs.ucla.edu ([131.179.128.66]:42680)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <eggert@HIDDEN>)
 id 1toH56-000636-MI
 for 76613-done <at> debbugs.gnu.org; Sat, 01 Mar 2025 02:16:17 -0500
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id 7A5FB3C01EBA1;
 Fri, 28 Feb 2025 23:16:09 -0800 (PST)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id TpQAPAHZicmr; Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id 5CDFE3C01EBA3;
 Fri, 28 Feb 2025 23:16:07 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 5CDFE3C01EBA3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
 s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1740813367;
 bh=7t4WHBnfZiCBKNR79JnlX3UqI7Bqmxo7AJvG5WIgtEE=;
 h=Message-ID:Date:MIME-Version:To:From;
 b=I2OPpteRkXBNs2durO5C9cAS3uvquUpPJOH0n6HrUjdiGIhrI28iwNbPcVjroPR17
 JAOJSVofLFitlsq9WQWeciUIAAD5liGXcSP+aHsNwrbvyV+AOUetA8KHDUdjlHNKBO
 eWosXEcxw1iqEh9P7upnpQbN+rbuQGOzN30ltBOW9d9a++/nACkd1bQqKFl+B9Jnor
 jZ0aGWdX0i+gpp2ASGdrKGFfEQiaKt8/5/OvyY0OfUY1V2zxNeQqRtxyE+/F0YoSV0
 ixVGAxbDLRDhxEumGvHHLVdXDjKjRnoKe50PfHwOx81l0aonCFLdtOy0BllAA+vQDY
 G+eGQv+kEWT/Q==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id QV0FWPgcGlvr; Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Received: from [192.168.254.12] (unknown [47.147.225.25])
 by mail.cs.ucla.edu (Postfix) with ESMTPSA id 3CA343C01EBA1;
 Fri, 28 Feb 2025 23:16:07 -0800 (PST)
Message-ID: <93e018b2-adc6-458c-924b-0938aeb90d0f@HIDDEN>
Date: Fri, 28 Feb 2025 23:16:07 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bug-diffutils] bug#76613: bug#76613: diff -y crashes with
 apparent memory corruption
To: Collin Funk <collin.funk1@HIDDEN>
References: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
 <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN> <87a5a6wus2.fsf@HIDDEN>
Content-Language: en-US
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
In-Reply-To: <87a5a6wus2.fsf@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 76613-done
Cc: 76613-done <at> debbugs.gnu.org, Nick Smallbone <nick@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On 2025-02-27 20:35, Collin Funk wrote:
> I've attached a patch that satisfies sanitizers

Thanks, that looks good, and I installed that one-line change along with 
a NEWS file notice and a test case. And thanks to Nick for reporting 
this. Closing the bug report.


------------=_1740813423-23502-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 27 Feb 2025 17:58:04 +0000
Received: from localhost ([127.0.0.1]:37443 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tni95-0003p6-F4
	for submit <at> debbugs.gnu.org; Thu, 27 Feb 2025 12:58:04 -0500
Received: from lists.gnu.org ([2001:470:142::17]:45562)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <nick@HIDDEN>) id 1tnal5-0004ab-Bt
 for submit <at> debbugs.gnu.org; Thu, 27 Feb 2025 05:04:49 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nick@HIDDEN>) id 1tnakv-0000Fd-T4
 for bug-diffutils@HIDDEN; Thu, 27 Feb 2025 05:04:38 -0500
Received: from fout-a6-smtp.messagingengine.com ([103.168.172.149])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nick@HIDDEN>) id 1tnakt-0005bb-VH
 for bug-diffutils@HIDDEN; Thu, 27 Feb 2025 05:04:37 -0500
Received: from phl-compute-01.internal (phl-compute-01.phl.internal
 [10.202.2.41])
 by mailfout.phl.internal (Postfix) with ESMTP id B6C0F1382F1D
 for <bug-diffutils@HIDDEN>; Thu, 27 Feb 2025 05:04:31 -0500 (EST)
Received: from phl-imap-04 ([10.202.2.82])
 by phl-compute-01.internal (MEProxy); Thu, 27 Feb 2025 05:04:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smallbone.se; h=
 cc:content-transfer-encoding:content-type:content-type:date:date
 :from:from:in-reply-to:message-id:mime-version:reply-to:subject
 :subject:to:to; s=fm3; t=1740650671; x=1740737071; bh=AvXOEXJDLv
 x5xdcpmZd3zsUJhxU0/AE5R+49ASmCwN0=; b=aSMbJodZ3xg3PbwHWdttq6gkqE
 2ibD5Xezw7rMucl2i/d42joZ4SWgCKSB0UCPgHTwAFjolgnH83Osr2jVEE734QlJ
 w7YZ5ENmo6yxb47gDez+ASkXNM1vQ17lPCuNerclfBbRMA9A3EarhvR45YpvAQEi
 9WOhg1jTW79+tmbRVwXZ+fc+zrnu9waaA+SxuN1DHTTpcnmqYPDYpGkbdNy5s4X7
 JgtaTREi749e7mdFKsTRAn7lEQhxbKvAUKhpOjMCkB2rc0yM54apTMAUgtvunCcp
 7pvNEMepCUR3WmBWWfmQeSbGu7r4usNPFV1mMgSPs8o5tKj+eqeOSIksAx1Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:message-id:mime-version:reply-to:subject:subject:to
 :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
 1740650671; x=1740737071; bh=AvXOEXJDLvx5xdcpmZd3zsUJhxU0/AE5R+4
 9ASmCwN0=; b=My5M0pcyz99LFAjaJIb4yh4FXjCwtAm9JW/e7+JqbZhJpW7WWux
 ZTaxVmzEM9g5OZwD0rcpz+0DN/m636GSzj01VdCGx8wbcWOcWYWl4grnOn+CFVK+
 USbUOnGE9KFlLqbZibOnwphZQnbiVe28qNUrx6uxGtWq1Gvomglme88x5smty30O
 Pwikchh9BnXngjsoGrAD9VS66qHr4yn3iIKQFZpwxPLPyJOp/pJ77z0KL6NasYok
 joSADc7EJPHfdR/per7pWqnsgZJRibCcjevzZiqT+JF2BEhnKmuuZktcCDyOICZ5
 4ckP1/gSmLasT72DZSi5x0L9FpzKpobblVg==
X-ME-Sender: <xms:rzjAZxBC6cjC407CDm3ukz_RwB76mDBKPbuoJchuFu4UQtE9m5kVAA>
 <xme:rzjAZ_icYSuxHI2ZDQqzz1xdxIei6MrgUwIvyyIxwE3fUIFXvdSgmXrV6jbWxY82D
 zdX2mJiUYQM2apWbg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdekjedukecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
 uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepofggff
 fhvffkufgtgfesthejredtredttdenucfhrhhomhepfdfpihgtkhcuufhmrghllhgsohhn
 vgdfuceonhhitghksehsmhgrlhhlsghonhgvrdhsvgeqnecuggftrfgrthhtvghrnhepff
 dugffghfekteehfffhjeeiteejhfdvffffuefhudfgledviefggfdtvdegvdetnecuffho
 mhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe
 hmrghilhhfrhhomhepnhhitghksehsmhgrlhhlsghonhgvrdhsvgdpnhgspghrtghpthht
 ohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepsghughdqughifhhfuhhtih
 hlshesghhnuhdrohhrgh
X-ME-Proxy: <xmx:rzjAZ8n9luerjGATVovW4O0OKb0e09VuHwfkfb6bxKNl7trE72Eu1g>
 <xmx:rzjAZ7wQfMustD_DV_vQPzliBGbvdcBXRPRPDHWghdKWhu0FVBpGcg>
 <xmx:rzjAZ2TMb8yGzf-2AFz7KljBdOQptJkTlNcjS2ZPZKr1sTZQGICpHg>
 <xmx:rzjAZ-Z6UiI4UpbgFqzgKRTUmA12Wi6LfkaVV_8iVOXyOeRXm6YChQ>
 <xmx:rzjAZ_6qcE_XVYzM-s2VEtzU0Sh6HXD1CQ1LoiIIWgahzyec-GABG7qQ>
Feedback-ID: ic1c842cf:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501)
 id 5BA852E60088; Thu, 27 Feb 2025 05:04:31 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Thu, 27 Feb 2025 11:04:03 +0100
From: "Nick Smallbone" <nick@HIDDEN>
To: bug-diffutils@HIDDEN
Message-Id: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Subject: diff -y crashes with apparent memory corruption
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=103.168.172.149; envelope-from=nick@HIDDEN;
 helo=fout-a6-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Thu, 27 Feb 2025 12:58:01 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.3 (/)

Hi,

I'm running diffutils-3.11, downloaded from ftp.gnu.org and built with ./configure && make (no options given).

I'm seeing the problem that diff -y is crashing with various malloc-related errors. Here is an example. First I create two files a and b like so:

% seq 1 100 > a
% seq 1 100 | grep -v 50 > b

Then I run diff -y a b, which crashes with an error in free():

% diff -y a b
free(): corrupted unsorted chunks
zsh: IOT instruction  src/diff -y ~/a ~/b

I haven't looked into the source to find out the problem, but I did compile a debug build and run it under Valgrind. It detected some memory corruption - here is the report:

==9602== Memcheck, a memory error detector
==9602== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9602== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9602== Command: src/diff -y /home/nick/a /home/nick/b
==9602== 
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602== 
--9602-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9602-- si_code=1;  Faulting address: 0x9622BA0;  sp: 0x1002cf6e20

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==9602==    at 0x5804AE1F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58004E0C: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58005203: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58097E37: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x580E1E1A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 9602)
==9602==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==9602==    by 0x4160B0: icalloc (ialloc.h:91)
==9602==    by 0x41D239: xicalloc (xmalloc.c:304)
==9602==    by 0x41D1E7: xizalloc (xmalloc.c:289)
==9602==    by 0x405E39: diff_2_files (analyze.c:529)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFEDA0
valgrind stack range: [0x1002BF7000 0x1002CF6FFF] top usage: 7272 of 1048576

Nick



------------=_1740813423-23502-1--

Message received at control <at> debbugs.gnu.org:

Received: (at control) by debbugs.gnu.org; 26 Mar 2025 04:18:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 00:18:13 2025
Received: from localhost ([127.0.0.1]:40797 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1txIDV-0006T1-8d
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2025 00:18:13 -0400
Received: from mail.cs.ucla.edu ([131.179.128.66]:49278)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <eggert@HIDDEN>)
 id 1txIDQ-0006SY-Pd
 for control <at> debbugs.gnu.org; Wed, 26 Mar 2025 00:18:10 -0400
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id F2EA53C3214D1
 for <control <at> debbugs.gnu.org>; Tue, 25 Mar 2025 21:18:01 -0700 (PDT)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id biQmuC2udgcV for <control <at> debbugs.gnu.org>;
 Tue, 25 Mar 2025 21:18:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id BB8EE3C3214D2
 for <control <at> debbugs.gnu.org>; Tue, 25 Mar 2025 21:18:01 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu BB8EE3C3214D2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
 s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1742962681;
 bh=hAUVoCW9vxRWoEaUutoUZ880EvDy65Wg5v3V1kevYho=;
 h=Message-ID:Date:MIME-Version:To:From;
 b=lfbfe6xTeDkdf6ILVA4hTwQwWBtHrk5gJAGOk0DAqf7QZrE3Tn9Y6ES9igDKE6FU6
 kGfX8g6ijlOxjeytTjWZcCzF7DXPrG1GHFQTNOTEokekm3dg/cRk3XhqOxL9J+WRuP
 B57Utvpk2pNKdpnPponZgLPkPQeXWysY077IoXoGGre53RmrrxMl+rbW7oRf+TGMYF
 /fDnjqYedpy9JITsh7h8xyVZfEzftqKMGfdwDfw/o1Errw3GpUXABrWGf2pYh3+Pbf
 7ULs4l/UdyAYNXteeQ2zPIP1fAE28n39skshTox7n4HNxIrkajh8MVLvbYdBs1zTMP
 Wol5uWk2k3m0Q==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id alYnBZvPzit8 for <control <at> debbugs.gnu.org>;
 Tue, 25 Mar 2025 21:18:01 -0700 (PDT)
Received: from [192.168.0.23] (97-122-122-182.hlrn.qwest.net [97.122.122.182])
 by mail.cs.ucla.edu (Postfix) with ESMTPSA id 911E43C3214D1
 for <control <at> debbugs.gnu.org>; Tue, 25 Mar 2025 21:18:01 -0700 (PDT)
Message-ID: <f17797fb-d44a-4d3c-9b95-73610094a09c@HIDDEN>
Date: Tue, 25 Mar 2025 22:18:01 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: control <at> debbugs.gnu.org
From: Paul Eggert <eggert@HIDDEN>
Subject: diffutils bug maintenance
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

close 77265
merge 77265 76613

Last modified: Wed, 26 Mar 2025 04:30:03 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.