GNU bug report logs - #76613
diff -y crashes with apparent memory corruption

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: diffutils; Reported by: "Nick Smallbone" <nick@HIDDEN>; dated Thu, 27 Feb 2025 17:59:03 UTC; Maintainer for diffutils is bug-diffutils@HIDDEN.

Message received at 76613 <at> debbugs.gnu.org:


Message-ID: <bc7c4558-1968-4c58-b03e-ab41a3177418@HIDDEN>
Date: Thu, 27 Feb 2025 11:13:06 -0800
Subject: Re: [bug-diffutils] bug#76613: diff -y crashes with apparent memory
 corruption
To: Nick Smallbone <nick@HIDDEN>
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
Cc: 76613 <at> debbugs.gnu.org

Thanks for the bug report. I can reproduce it with gcc -fsanitize=address on Ubuntu 24.10 x86-64. I plan to take a look at it soon.




Information forwarded to bug-diffutils@HIDDEN:
bug#76613; Package diffutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


Date: Thu, 27 Feb 2025 11:04:03 +0100
From: "Nick Smallbone" <nick@HIDDEN>
To: bug-diffutils@HIDDEN
Message-Id: <c4a9f6ca-57e1-47b5-886b-adb0be409b7f@HIDDEN>
Subject: diff -y crashes with apparent memory corruption

Hi,

I'm running diffutils-3.11, downloaded from ftp.gnu.org and built with ./configure && make (no options given).

I'm seeing the problem that diff -y is crashing with various malloc-related errors. Here is an example. First I create two files a and b like so:

% seq 1 100 > a
% seq 1 100 | grep -v 50 > b

Then I run diff -y a b, which crashes with an error in free():

% diff -y a b
free(): corrupted unsorted chunks
zsh: IOT instruction  src/diff -y ~/a ~/b

I haven't looked into the source to find out the problem, but I did compile a debug build and run it under Valgrind. It detected some memory corruption - here is the report:

==9602== Memcheck, a memory error detector
==9602== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9602== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9602== Command: src/diff -y /home/nick/a /home/nick/b
==9602== 
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602== 
--9602-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9602-- si_code=1;  Faulting address: 0x9622BA0;  sp: 0x1002cf6e20

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==9602==    at 0x5804AE1F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58004E0C: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58005203: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58097E37: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x580E1E1A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 9602)
==9602==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==9602==    by 0x4160B0: icalloc (ialloc.h:91)
==9602==    by 0x41D239: xicalloc (xmalloc.c:304)
==9602==    by 0x41D1E7: xizalloc (xmalloc.c:289)
==9602==    by 0x405E39: diff_2_files (analyze.c:529)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFEDA0
valgrind stack range: [0x1002BF7000 0x1002CF6FFF] top usage: 7272 of 1048576

Nick
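
An added example, not part of the original report or of diffutils: a small Python triage helper that reads the first Memcheck error quoted above and pairs the faulting write with the call site that allocated the overrun block. The wrapper list and the reading of the block as an array of access-sized elements are assumptions of this example.

```python
import re

# First error from the Memcheck report quoted above (frames trimmed to those used here).
REPORT = """\
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"is (\d+) bytes (after|before|inside) a block of size (\d+) (alloc'd|free'd)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")
# Assumption: allocator wrappers to skip when naming the function that owns the buffer.
WRAPPERS = {"malloc", "calloc", "realloc", "rpl_realloc", "xrealloc", "xpalloc"}

def triage(report):
    """Summarize the first invalid heap access in a Memcheck report, or return None."""
    err, section = None, None
    for raw in report.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw)
        if m := ACCESS.search(line):
            if err:
                break  # only the first error is summarized
            err = {"op": m[1], "size": int(m[2]), "access": [], "alloc": []}
            section = "access"
        elif err and (m := BLOCK.search(line)):
            err.update(offset=int(m[1]), where=m[2], block=int(m[3]), state=m[4])
            section = "alloc"
        elif err and (m := FRAME.search(line)):
            err[section].append((m[1], m[2], int(m[3])))
        elif err and not line:
            break  # a blank line ends the error record
    if not err or "block" not in err:
        return None
    err["site"] = err["access"][0]  # innermost frame of the bad access
    err["owner"] = next((f for f in err["alloc"] if f[0] not in WRAPPERS), None)
    err["kind"] = ("use-after-free" if err["state"] == "free'd"
                   else "overflow" if err["where"] == "after" else "underflow")
    if err["kind"] == "overflow" and err["block"] % err["size"] == 0:
        # Assumption: the block is an array whose elements are as wide as the access.
        err["capacity"] = err["block"] // err["size"]
        err["index"] = err["capacity"] + err["offset"] // err["size"]
    return err
```

On the report above this yields an 8-byte write at index 82 of an 82-slot block, with the write (io.c:1017) and the realloc that sized the block (io.c:1013) both in find_and_hash_each_line.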




Acknowledgement sent to "Nick Smallbone" <nick@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-diffutils@HIDDEN. Full text available.
Report forwarded to bug-diffutils@HIDDEN:
bug#76613; Package diffutils. Full text available.
Last modified: Thu, 27 Feb 2025 19:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.