Source-Changes-HG archive


[src/trunk]: src/usr.bin/sort Only try to copy the extra incomplete record da...



details:   https://anonhg.NetBSD.org/src/rev/c3b20a13937b
branches:  trunk
changeset: 509902:c3b20a13937b
user:      jdolecek <jdolecek%NetBSD.org@localhost>
date:      Tue May 15 11:49:25 2001 +0000

description:
Only try to copy the extra incomplete record data if there is anything
actually read already. Albeit it's not damaging to copy zero data
for bufend == crec->data case, the buffer end could also be between
memory position 'crec' and 'crec->data'. Thus, we could end up with
negative 'bufend - crec->data' value, and obvious havoc.

This change fixes lib/12673, though the problem was masked and no longer
repeatable with the provided example after the recent buffer size bump.
The change was tested with the buffer size change backed off, and really
fixes the problem in the PR.

diffstat:

 usr.bin/sort/fsort.c |  37 ++++++++++++++++++++++++-------------
 1 files changed, 24 insertions(+), 13 deletions(-)

diffs (62 lines):

diff -r 999c0f48dac0 -r c3b20a13937b usr.bin/sort/fsort.c
--- a/usr.bin/sort/fsort.c      Tue May 15 11:45:50 2001 +0000
+++ b/usr.bin/sort/fsort.c      Tue May 15 11:49:25 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fsort.c,v 1.19 2001/05/15 11:19:45 jdolecek Exp $      */
+/*     $NetBSD: fsort.c,v 1.20 2001/05/15 11:49:25 jdolecek Exp $      */
 
 /*-
  * Copyright (c) 1993
@@ -47,7 +47,7 @@
 #include "fsort.h"
 
 #ifndef lint
-__RCSID("$NetBSD: fsort.c,v 1.19 2001/05/15 11:19:45 jdolecek Exp $");
+__RCSID("$NetBSD: fsort.c,v 1.20 2001/05/15 11:49:25 jdolecek Exp $");
 __SCCSID("@(#)fsort.c  8.1 (Berkeley) 6/6/93");
 #endif /* not lint */
 
@@ -188,21 +188,32 @@
                                mfct++;
                                /* reduce number of open files */
                                if (mfct == MERGE_FNUM ||(c == EOF && ntfiles)) {
-                                       tmpbuf = malloc(bufend -
-                                           crec->data);
-                                       memmove(tmpbuf, crec->data,
-                                           bufend - crec->data);
-                                       fstack[base + ntfiles].fp
-                                           = ftmp();
+                                       /*
+                                        * Only copy extra incomplete crec
+                                        * data if there are any.
+                                        */
+                                       int nodata = (bufend >= (u_char *)crec
+                                           && bufend <= crec->data);
+
+                                       if (!nodata) {
+                                               tmpbuf = malloc(bufend -
+                                                   crec->data);
+                                               memmove(tmpbuf, crec->data,
+                                                   bufend - crec->data);
+                                       }
+
+                                       fstack[base + ntfiles].fp = ftmp();
                                        fmerge(0, MSTART, filelist,
-                                           mfct, geteasy,
-                                           fstack[base].fp,
+                                           mfct, geteasy, fstack[base].fp,
                                            putrec, ftbl);
                                        ntfiles++;
                                        mfct = 0;
-                                       memmove(crec->data, tmpbuf,
-                                           bufend - crec->data);
-                                       free(tmpbuf);
+
+                                       if (!nodata) {
+                                               memmove(crec->data, tmpbuf,
+                                                   bufend - crec->data);
+                                               free(tmpbuf);
+                                       }
                                }
                        } else {
                                fstack[base + ntfiles].fp= ftmp();
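
Review bot: the malloc result in the first `if (!nodata)` block is never checked, so an allocation failure leads to memmove(tmpbuf, crec->data, ...) writing through a null pointer; test tmpbuf for NULL and fail cleanly before the copy. The guard itself is also narrower than the commit message suggests: `nodata` is true only when bufend lies between `(u_char *)crec` and `crec->data`, so a bufend below crec would still produce a negative `bufend - crec->data` that is passed to malloc and memmove as a very large size. Testing `bufend > crec->data` as the "has data" condition would cover every non-positive length. Computing the length once into a local would also avoid repeating the pointer subtraction three times and keep the save and restore copies in agreement.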


