GNU bug report logs - #76613
diff -y crashes with apparent memory corruption

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: diffutils; Reported by: "Nick Smallbone" <nick@HIDDEN>; merged with #77265; Done: Paul Eggert <eggert@HIDDEN>; Maintainer for diffutils is bug-diffutils@HIDDEN.
Merged 76613 77265. Request was from Paul Eggert <eggert@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 76613-done <at> debbugs.gnu.org:


Date: Fri, 28 Feb 2025 23:16:07 -0800
Subject: Re: [bug-diffutils] bug#76613: bug#76613: diff -y crashes with
 apparent memory corruption
To: Collin Funk <collin.funk1@HIDDEN>
From: Paul Eggert <eggert@HIDDEN>
Cc: 76613-done <at> debbugs.gnu.org, Nick Smallbone <nick@HIDDEN>

On 2025-02-27 20:35, Collin Funk wrote:
> I've attached a patch that satisfies sanitizers

Thanks, that looks good, and I installed that one-line change along with 
a NEWS file notice and a test case. And thanks to Nick for reporting 
this. Closing the bug report.




Notification sent to "Nick Smallbone" <nick@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to Paul Eggert <eggert@HIDDEN>:
You have taken responsibility. Full text available.

Message received at 76613 <at> debbugs.gnu.org:


From: Collin Funk <collin.funk1@HIDDEN>
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: [bug-diffutils] bug#76613: bug#76613: diff -y crashes with
 apparent memory corruption
Date: Thu, 27 Feb 2025 20:35:57 -0800
Cc: 76613 <at> debbugs.gnu.org, Nick Smallbone <nick@HIDDEN>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Paul,

Paul Eggert <eggert@HIDDEN> writes:

> Thanks for the bug report. I can reproduce it with gcc
> -fsanitize=address on Ubuntu 24.10 x86-64. I plan to take a look at it
> soon.

I see -fsanitize=address and valgrind fail this test starting at this
commit f54e901c329ba7b7d98ecae2571712f43444c2bd:

    maint: use xpalloc

    * bootstrap.conf (gnulib_modules): Add ialloc, to document
    the now-direct dependency.
    * src/diff.c (add_regexp):
    * src/diff3.c (read_diff):
    * src/dir.c (dir_read):
    * src/io.c (slurp, find_and_hash_each_line, find_identical_ends):
    * src/sdiff.c (diffarg):
    Prefer xpalloc to doing it by hand.
    * src/io.c: Include ialloc.h, for irealloc.
    (equivs_alloc): Now idx_t, not lin, for xpalloc.
    (sip): Don’t bother subtracting 2 * sizeof (word) from the
    buffer_lcm upper bound, as later code works anyway now.
    (slurp): Simplify buffer allocation so that xpalloc can be used.
    Use irealloc for speculative reallocation, since the code could
    work anyway if the irealloc fails.  Use current->eof to check
    for EOF, rather than the less-intuitive buffer size checks.

The previous commit passes it. Here are the relevant lines:

@@ -419,17 +411,16 @@ find_and_hash_each_line (struct file_data *current)
       /* Maybe increase the size of the line table.  */
       if (line =3D=3D alloc_lines)
         {
-          /* Double (alloc_lines - linbuf_base) by adding to alloc_lines. =
 */
-          if (IDX_MAX / 3 <=3D alloc_lines
-              || IDX_MAX / sizeof *cureqs <=3D 2 * alloc_lines - linbuf_ba=
se
-              || IDX_MAX / sizeof *linbuf <=3D alloc_lines - linbuf_base)
-            xalloc_die ();
-          alloc_lines =3D 2 * alloc_lines - linbuf_base;
-          cureqs =3D xirealloc (cureqs, alloc_lines * sizeof *cureqs);
+         idx_t eqs_max =3D MIN (LIN_MAX, IDX_MAX / sizeof *cureqs);
+
+         /* Grow (alloc_lines - linbuf_base) by adding to alloc_lines.  */
+         idx_t n =3D alloc_lines - linbuf_base;
           linbuf +=3D linbuf_base;
-          linbuf =3D xirealloc (linbuf,
-                             (alloc_lines - linbuf_base) * sizeof *linbuf);
+         linbuf =3D xpalloc (linbuf, &n, 1, eqs_max - linbuf_base,
+                           sizeof *linbuf);
           linbuf -=3D linbuf_base;
+         alloc_lines =3D linbuf_base + n;
+          cureqs =3D xirealloc (cureqs, alloc_lines * sizeof *cureqs);
         }
       linbuf[line] =3D ip;
       cureqs[line] =3D i;
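Review bot: The overflow protection for the cureqs reallocation at the end of this hunk is now implicit and undocumented. The removed xalloc_die checks bounded alloc_lines * sizeof *cureqs directly, while the new code depends on the xpalloc limit eqs_max - linbuf_base keeping linbuf_base + n at or below eqs_max before xirealloc (cureqs, alloc_lines * sizeof *cureqs) runs. A one-line comment next to the eqs_max declaration stating that invariant would make the multiplication easier to audit. The assignment alloc_lines = linbuf_base + n is the correct inverse of n = alloc_lines - linbuf_base.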
@@ -445,16 +436,13 @@ find_and_hash_each_line (struct file_data *current)
          so that we can compute the length of any buffered line.  */
       if (line =3D=3D alloc_lines)
         {
-          /* Double (alloc_lines - linbuf_base) by adding to alloc_lines. =
 */
-          if (IDX_MAX / 3 <=3D alloc_lines
-              || IDX_MAX / sizeof *cureqs <=3D 2 * alloc_lines - linbuf_ba=
se
-              || IDX_MAX / sizeof *linbuf <=3D alloc_lines - linbuf_base)
-            xalloc_die ();
-          alloc_lines =3D 2 * alloc_lines - linbuf_base;
-          linbuf +=3D linbuf_base;
-          linbuf =3D xirealloc (linbuf,
-                             (alloc_lines - linbuf_base) * sizeof *linbuf);
-          linbuf -=3D linbuf_base;
+         /* Grow (alloc_lines - linbuf_base) by adding to alloc_lines.  */
+         idx_t n =3D alloc_lines - linbuf_base;
+         linbuf +=3D linbuf_base;
+         linbuf =3D xpalloc (linbuf, &n, 1, MAX (0, IDX_MAX - linbuf_base),
+                           sizeof *linbuf);
+         linbuf -=3D linbuf_base;
+         alloc_lines =3D n - linbuf_base;
         }
       linbuf[line] =3D p;
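Review bot: The last added line of this hunk, alloc_lines = n - linbuf_base, does not invert n = alloc_lines - linbuf_base computed four lines earlier. Solving that equation for alloc_lines gives linbuf_base + n, which is what the previous hunk assigns and what the removed code maintained (2 * alloc_lines - linbuf_base is linbuf_base plus the doubled element count). With a nonzero linbuf_base the recorded limit disagrees with the number of elements xpalloc returned, so the line == alloc_lines test stops tracking the end of the block and the store linbuf[line] = p can land outside it. Change the line to alloc_lines = linbuf_base + n.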

In the original version alloc_lines is calculated as
2 * alloc_lines - linbuf_base in both hunks. Afterwards it is
linbuf_base + n in one section and n - linbuf_base in the other.

I've attached a patch that satisfies sanitizers, but maybe I am missing
something in this code...

Collin


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-diff-fix-allocation-size-computation-that-could-caus.patch

From 03e529dd69d50c247a217b9b659659538dfa397a Mon Sep 17 00:00:00 2001
From: Collin Funk <collin.funk1@HIDDEN>
Date: Thu, 27 Feb 2025 20:15:55 -0800
Subject: [PATCH] diff: fix allocation size computation that could cause bad
 writes

Reported by Nick Smallbone <nick@HIDDEN> in:
<https://lists.gnu.org/r/bug-diffutils/2025-02/msg00012.html>.

* src/io.c (find_and_hash_each_line): Fix size computation.
---
 src/io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/io.c b/src/io.c
index a62c529..adb4f50 100644
--- a/src/io.c
+++ b/src/io.c
@@ -1012,7 +1012,7 @@ find_and_hash_each_line (struct file_data *current)
 	  linbuf += linbuf_base;
 	  linbuf = xpalloc (linbuf, &n, 1, -1, sizeof *linbuf);
 	  linbuf -= linbuf_base;
-	  alloc_lines = n - linbuf_base;
+          alloc_lines = linbuf_base + n;
         }
       linbuf[line] = p;
 
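Review bot: The added line is indented with spaces only, while the three context lines above it in the same block start with a tab followed by two spaces; match the surrounding whitespace so the block stays uniform. The change to alloc_lines = linbuf_base + n makes the limit consistent with the element count n passed to xpalloc. The commit message could also name the commit that introduced the wrong expression, and a regression test built from the reporter's a and b files run through diff -y would guard this path.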
-- 
2.48.1


--=-=-=--
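
The limit arithmetic discussed in this message, as an added example that is not part of the original thread and is not diffutils code: a small C model of a table indexed from a nonzero base, showing how many stores miss the allocation under each formula. The function names, the growth policy (a stand-in for xpalloc) and the sample base of -3 are assumptions made for illustration; the model skips the bad stores instead of performing them.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

enum formula { BUGGY, FIXED };

/* Recompute the logical limit (alloc_lines in the thread) after the
   physical element count became n.  Hypothetical helper. */
static ptrdiff_t new_limit(enum formula f, ptrdiff_t n, ptrdiff_t base)
{
    return f == FIXED ? base + n    /* inverse of n = limit - base */
                      : n - base;   /* the expression the patch removes */
}

/* Store nstores entries at logical indices base, base + 1, ...
   Return how many stores would fall outside the allocation, or -1 on
   allocation failure.  Out-of-range stores are counted and skipped,
   so the model never corrupts memory itself. */
ptrdiff_t count_oob_stores(enum formula f, ptrdiff_t base,
                           ptrdiff_t cap, ptrdiff_t nstores)
{
    const char **slots = malloc((size_t)cap * sizeof *slots);
    if (!slots)
        return -1;

    ptrdiff_t limit = base + cap;   /* correct before the first growth */
    ptrdiff_t oob = 0;

    for (ptrdiff_t line = base; line < base + nstores; line++) {
        if (line == limit) {
            ptrdiff_t n = limit - base;   /* believed element count */
            n += n / 2 + 1;               /* stand-in growth policy */
            const char **p = realloc(slots, (size_t)n * sizeof *p);
            if (!p) {
                free(slots);
                return -1;
            }
            slots = p;
            cap = n;
            limit = new_limit(f, n, base);
        }
        ptrdiff_t phys = line - base;     /* slot that table[line] names */
        if (phys < 0 || phys >= cap)
            oob++;                        /* the write a sanitizer flags */
        else
            slots[phys] = "";
    }
    free(slots);
    return oob;
}

int main(void)
{
    /* Constructed inputs: 4 initial slots, 20 stores. */
    printf("fixed, base -3: %td out-of-bounds stores\n",
           count_oob_stores(FIXED, -3, 4, 20));
    printf("buggy, base -3: %td out-of-bounds stores\n",
           count_oob_stores(BUGGY, -3, 4, 20));
    printf("buggy, base  0: %td out-of-bounds stores\n",
           count_oob_stores(BUGGY, 0, 4, 20));
    return 0;
}
```

With a base of zero both formulas agree, which is why the wrong expression only shows up when the table has a nonzero base.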




Information forwarded to bug-diffutils@HIDDEN:
bug#76613; Package diffutils. Full text available.

Message received at 76613 <at> debbugs.gnu.org:


Date: Thu, 27 Feb 2025 11:13:06 -0800
Subject: Re: [bug-diffutils] bug#76613: diff -y crashes with apparent memory
 corruption
To: Nick Smallbone <nick@HIDDEN>
From: Paul Eggert <eggert@HIDDEN>
Cc: 76613 <at> debbugs.gnu.org

Thanks for the bug report. I can reproduce it with gcc 
-fsanitize=address on Ubuntu 24.10 x86-64. I plan to take a look at it soon.




Information forwarded to bug-diffutils@HIDDEN:
bug#76613; Package diffutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


Date: Thu, 27 Feb 2025 11:04:03 +0100
From: "Nick Smallbone" <nick@HIDDEN>
To: bug-diffutils@HIDDEN
Subject: diff -y crashes with apparent memory corruption

Hi,

I'm running diffutils-3.11, downloaded from ftp.gnu.org and built with ./configure && make (no options given).

I'm seeing the problem that diff -y is crashing with various malloc-related errors. Here is an example. First I create two files a and b like so:

% seq 1 100 > a
% seq 1 100 | grep -v 50 > b

Then I run diff -y a b, which crashes with an error in free():

% diff -y a b
free(): corrupted unsorted chunks
zsh: IOT instruction  src/diff -y ~/a ~/b

I haven't looked into the source to find out the problem, but I did compile a debug build and run it under Valgrind. It detected some memory corruption - here is the report:

==9602== Memcheck, a memory error detector
==9602== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==9602== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==9602== Command: src/diff -y /home/nick/a /home/nick/b
==9602== 
==9602== Invalid write of size 8
==9602==    at 0x40EC8A: find_and_hash_each_line (io.c:1017)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602==  Address 0x4b12f80 is 0 bytes after a block of size 656 alloc'd
==9602==    at 0x4850C7C: realloc (vg_replace_malloc.c:1801)
==9602==    by 0x41A8A6: rpl_realloc (stdlib.h:2066)
==9602==    by 0x41CE27: xrealloc (xmalloc.c:66)
==9602==    by 0x41D196: xpalloc (xmalloc.c:271)
==9602==    by 0x40EC4A: find_and_hash_each_line (io.c:1013)
==9602==    by 0x40FBAA: read_files (io.c:1366)
==9602==    by 0x40596C: diff_2_files (analyze.c:463)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
==9602== 
--9602-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9602-- si_code=1;  Faulting address: 0x9622BA0;  sp: 0x1002cf6e20

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==9602==    at 0x5804AE1F: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58004E0C: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58005203: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x58097E37: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==9602==    by 0x580E1E1A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 9602)
==9602==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==9602==    by 0x4160B0: icalloc (ialloc.h:91)
==9602==    by 0x41D239: xicalloc (xmalloc.c:304)
==9602==    by 0x41D1E7: xizalloc (xmalloc.c:289)
==9602==    by 0x405E39: diff_2_files (analyze.c:529)
==9602==    by 0x409B1F: compare_prepped_files (diff.c:1371)
==9602==    by 0x40ADBF: compare_files (diff.c:1633)
==9602==    by 0x408834: main (diff.c:881)
client stack range: [0x1FFEFFD000 0x1FFF000FFF] client SP: 0x1FFEFFEDA0
valgrind stack range: [0x1002BF7000 0x1002CF6FFF] top usage: 7272 of 1048576

Nick




Acknowledgement sent to "Nick Smallbone" <nick@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-diffutils@HIDDEN. Full text available.
Report forwarded to bug-diffutils@HIDDEN:
bug#76613; Package diffutils. Full text available.
Last modified: Wed, 26 Mar 2025 04:30:03 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.