[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/39326: patch fails to check writes to tempory file, silently corrupting output
>Synopsis: patch fails to check writes to tempory file, silently
>Arrival-Date: Sat Aug 09 13:00:00 +0000 2008
>Originator: Greg Troxel
>Release: NetBSD 4.0_STABLE
Greg Troxel <gdt%ir.bbn.com@localhost>
System: NetBSD fnord.ir.bbn.com 4.0_STABLE NetBSD 4.0_STABLE (GENERIC) #30: Mon
Feb 18 11:05:00 EST 2008
patch writes the output to /tmp and then copies it back. But it fails
to check writes, and if /tmp is unreasonably small (~512K in my case),
and the file being patched large (640K, configure from libtool)
(Done on amd64, seems quite MI)
mount /tmp as tmpfs with size 500000.
Try to build /usr/pkgsrc/devel/libtool-base, and observe a bizarre
shell error in configure.
Isolate patch-ab and configure, and try to run patch by hand. Note
that the output is truncated.
Run ktrace and see write errors:
98 1 patch CALL write(4,0x7f7ffd813000,0x1000)
98 1 patch RET write -1 errno 28 No space left on device
98 1 patch CALL write(2,0x7f7fffffcfd0,0x1b)
98 1 patch GIO fd 2 wrote 27 bytes
"Hunk #44 succeeded at 14754"
98 1 patch RET write 27/0x1b
98 1 patch CALL write(2,0x7f7fffffcfd0,2)
98 1 patch GIO fd 2 wrote 2 bytes
98 1 patch RET write 2
and see it keep going.
See src/usr.bin/patch/patch.c:apply_hunk(), and note that fputs is
used without checking the return value.
Main Index |
Thread Index |