Subject: bin/34641: column -t can generate infinite output
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <jbernard@mines.edu>
List: netbsd-bugs
Date: 09/27/2006 20:30:00
>Number:         34641
>Category:       bin
>Synopsis:       column -t can generate infinite output
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 27 20:30:00 +0000 2006
>Originator:     Jim Bernard
>Release:        NetBSD 4.99.2
>Organization:
>Environment:
System: NetBSD 4.99.2 #0: Sat Sep 16 12:17:30 MDT 2006 i386
Architecture: i386
Machine: i386
>Description:
	With certain input, column -t (revision 1.15) can generate an
	apparently unterminating (at least a GB) string of blank spaces.
	This was observed when /etc/security did its device check and the
	output of column -t filled /tmp.  I'll include below an example of
	a file that causes the misbehavior.

	Revision 1.14 of column does not exhibit the failure, at least
	not on the example below.  As noted below (see Fix:), this hints
	that the problem may actually lie in libutil, rather than column.

	Kernel and userland were built from -current source on the
	date shown above in the System: field.  I've observed the
	behavior on three different machines (all i386, but with
	rather different hardware) running this build.

>How-To-Repeat:
	Feed the text below to column -t (include no leading or trailing
	blank lines).  Small differences in the text, such as deleting
	a single line, eliminate the failure.  I suggest saving the text
	to a file and doing something like:

	  column -t dangerous_file > /dev/null

	It will run forever.  If a line is deleted from the file, the
	command will return immediately.  The actual output from column
	contains the first column of the first line, followed by zillions
	of blank spaces.

brw-r----- 1 root operator 142, 0 Jun 3 18:02:10 2005 /dev/xbd0a
brw-r----- 1 root operator 142, 0 Sep 30 21:05:33 2005 /dev/xbd0a
brw-r----- 1 root operator 142, 1 Jun 3 18:02:10 2005 /dev/xbd0b
brw-r----- 1 root operator 142, 1 Sep 30 21:05:33 2005 /dev/xbd0b
brw-r----- 1 root operator 142, 2 Jun 3 18:02:10 2005 /dev/xbd0c
brw-r----- 1 root operator 142, 2 Sep 30 21:05:33 2005 /dev/xbd0c
brw-r----- 1 root operator 142, 3 Jun 3 18:02:10 2005 /dev/xbd0d
brw-r----- 1 root operator 142, 3 Sep 30 21:05:33 2005 /dev/xbd0d
brw-r----- 1 root operator 142, 4 Jun 3 18:02:10 2005 /dev/xbd0e
brw-r----- 1 root operator 142, 4 Sep 30 21:05:33 2005 /dev/xbd0e
brw-r----- 1 root operator 142, 5 Jun 3 18:02:10 2005 /dev/xbd0f
brw-r----- 1 root operator 142, 5 Sep 30 21:05:33 2005 /dev/xbd0f
brw-r----- 1 root operator 142, 6 Jun 3 18:02:10 2005 /dev/xbd0g
brw-r----- 1 root operator 142, 6 Sep 30 21:05:33 2005 /dev/xbd0g
brw-r----- 1 root operator 142, 7 Jun 3 18:02:10 2005 /dev/xbd0h
brw-r----- 1 root operator 142, 7 Sep 30 21:05:33 2005 /dev/xbd0h
brw-r----- 1 root operator 142, 524288 Jun 3 18:02:10 2005 /dev/xbd0i
brw-r----- 1 root operator 142, 524288 Sep 30 21:05:33 2005 /dev/xbd0i
brw-r----- 1 root operator 142, 524289 Jun 3 18:02:10 2005 /dev/xbd0j
brw-r----- 1 root operator 142, 524289 Sep 30 21:05:33 2005 /dev/xbd0j
brw-r----- 1 root operator 142, 524290 Jun 3 18:02:10 2005 /dev/xbd0k
brw-r----- 1 root operator 142, 524290 Sep 30 21:05:33 2005 /dev/xbd0k
brw-r----- 1 root operator 142, 524291 Jun 3 18:02:10 2005 /dev/xbd0l
brw-r----- 1 root operator 142, 524291 Sep 30 21:05:33 2005 /dev/xbd0l
brw-r----- 1 root operator 142, 524292 Jun 3 18:02:10 2005 /dev/xbd0m
brw-r----- 1 root operator 142, 524292 Sep 30 21:05:33 2005 /dev/xbd0m
brw-r----- 1 root operator 142, 524293 Jun 3 18:02:10 2005 /dev/xbd0n
brw-r----- 1 root operator 142, 524293 Sep 30 21:05:33 2005 /dev/xbd0n
brw-r----- 1 root operator 142, 524294 Jun 3 18:02:10 2005 /dev/xbd0o
brw-r----- 1 root operator 142, 524294 Sep 30 21:05:33 2005 /dev/xbd0o
brw-r----- 1 root operator 142, 524295 Jun 3 18:02:10 2005 /dev/xbd0p
brw-r----- 1 root operator 142, 524295 Sep 30 21:05:33 2005 /dev/xbd0p
brw-r----- 1 root operator 142, 8 Jun 3 18:02:10 2005 /dev/xbd1a
brw-r----- 1 root operator 142, 8 Sep 30 21:05:33 2005 /dev/xbd1a
brw-r----- 1 root operator 142, 9 Jun 3 18:02:10 2005 /dev/xbd1b
brw-r----- 1 root operator 142, 9 Sep 30 21:05:33 2005 /dev/xbd1b
brw-r----- 1 root operator 142, 10 Jun 3 18:02:10 2005 /dev/xbd1c
brw-r----- 1 root operator 142, 10 Sep 30 21:05:33 2005 /dev/xbd1c
brw-r----- 1 root operator 142, 11 Jun 3 18:02:10 2005 /dev/xbd1d
brw-r----- 1 root operator 142, 11 Sep 30 21:05:33 2005 /dev/xbd1d
brw-r----- 1 root operator 142, 12 Jun 3 18:02:10 2005 /dev/xbd1e
brw-r----- 1 root operator 142, 12 Sep 30 21:05:33 2005 /dev/xbd1e
brw-r----- 1 root operator 142, 13 Jun 3 18:02:10 2005 /dev/xbd1f
brw-r----- 1 root operator 142, 13 Sep 30 21:05:33 2005 /dev/xbd1f
brw-r----- 1 root operator 142, 14 Jun 3 18:02:10 2005 /dev/xbd1g
brw-r----- 1 root operator 142, 14 Sep 30 21:05:33 2005 /dev/xbd1g
brw-r----- 1 root operator 142, 15 Jun 3 18:02:10 2005 /dev/xbd1h
brw-r----- 1 root operator 142, 15 Sep 30 21:05:33 2005 /dev/xbd1h
brw-r----- 1 root operator 142, 524296 Jun 3 18:02:10 2005 /dev/xbd1i
brw-r----- 1 root operator 142, 524296 Sep 30 21:05:33 2005 /dev/xbd1i
brw-r----- 1 root operator 142, 524297 Jun 3 18:02:10 2005 /dev/xbd1j
brw-r----- 1 root operator 142, 524297 Sep 30 21:05:33 2005 /dev/xbd1j
brw-r----- 1 root operator 142, 524298 Jun 3 18:02:10 2005 /dev/xbd1k
brw-r----- 1 root operator 142, 524298 Sep 30 21:05:33 2005 /dev/xbd1k
brw-r----- 1 root operator 142, 524299 Jun 3 18:02:10 2005 /dev/xbd1l
brw-r----- 1 root operator 142, 524299 Sep 30 21:05:33 2005 /dev/xbd1l
brw-r----- 1 root operator 142, 524300 Jun 3 18:02:10 2005 /dev/xbd1m
brw-r----- 1 root operator 142, 524300 Sep 30 21:05:33 2005 /dev/xbd1m
brw-r----- 1 root operator 142, 524301 Jun 3 18:02:10 2005 /dev/xbd1n
brw-r----- 1 root operator 142, 524301 Sep 30 21:05:33 2005 /dev/xbd1n
brw-r----- 1 root operator 142, 524302 Jun 3 18:02:10 2005 /dev/xbd1o
brw-r----- 1 root operator 142, 524302 Sep 30 21:05:33 2005 /dev/xbd1o
brw-r----- 1 root operator 142, 524303 Jun 3 18:02:10 2005 /dev/xbd1p

>Fix:
	Unknown.  Version 1.14 of column.c does not seem to exhibit
	this behavior, so it's possible that the problem is actually in
	libutil (maybe estrdup), since the only difference between
	1.14 and 1.15 was the elimination of the internal versions
	of emalloc, erealloc, and estrdup in favor of linking them in
	from libutil.
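
An added example, not part of the original report: a shell guard that runs a filter such as `column -t` on a file but stops reading once the output exceeds a multiple of the input size, so a runaway like the one described above cannot fill a filesystem. The function name `bounded_filter` and the `FACTOR` variable are assumptions made for this example, and the sample input is constructed.

```shell
#!/bin/sh
# bounded_filter FILE CMD [ARGS...]
# Feeds FILE to CMD on stdin and reads at most FACTOR x size(FILE) + 4096
# bytes of its output. Prints the number of bytes read; returns 0 if CMD
# stayed under the cap and 1 if it reached it (runaway output).
# bounded_filter and FACTOR are hypothetical names for this example.
bounded_filter() {
    input=$1; shift
    factor=${FACTOR:-64}
    insize=$(wc -c < "$input" | tr -d ' ')
    cap=$(( insize * factor + 4096 ))
    # head stops after cap+1 bytes; CMD then receives SIGPIPE on its
    # next write, so nothing beyond the cap is ever stored anywhere.
    got=$("$@" < "$input" 2>/dev/null | head -c "$(( cap + 1 ))" | wc -c | tr -d ' ')
    echo "$got"
    [ "$got" -le "$cap" ]
}

# Constructed sample input (not the file from the report).
sample=$(mktemp)
printf 'brw-r----- 1 root operator 142, 0 /dev/xbd0a\n' > "$sample"

# A well-behaved filter stays under the cap.
bounded_filter "$sample" cat > /dev/null && echo "cat: output bounded"

# `yes ' '` stands in for a filter that emits blanks without end.
bounded_filter "$sample" yes ' ' > /dev/null || echo "yes: runaway output detected"

rm -f "$sample"
```

To check a real filter, call it as `bounded_filter dangerous_file column -t`. The guard only bounds output volume; a filter that hangs without writing anything still needs a separate time limit.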