[src/trunk]: src/usr.bin/sort Don't touch past the end of allocated region. ...

[enami <enami%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0bb1f36c4f7f
branches:  trunk
changeset: 751498:0bb1f36c4f7f
user:      enami <enami%NetBSD.org@localhost>
date:      Fri Feb 05 21:58:41 2010 +0000

description:
Don't touch past the end of allocated region.  It results segmentation
violation.

diffstat:

 usr.bin/sort/fsort.c |   8 ++++----
 usr.bin/sort/msort.c |  12 ++++++------
 usr.bin/sort/sort.c  |  11 +++++++++--
 usr.bin/sort/sort.h  |   3 ++-
 4 files changed, 21 insertions(+), 13 deletions(-)

diffs (136 lines):

diff -r 12dc1551cc9b -r 0bb1f36c4f7f usr.bin/sort/fsort.c
--- a/usr.bin/sort/fsort.c      Fri Feb 05 21:10:58 2010 +0000
+++ b/usr.bin/sort/fsort.c      Fri Feb 05 21:58:41 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fsort.c,v 1.46 2009/11/06 18:34:22 joerg Exp $ */
+/*     $NetBSD: fsort.c,v 1.47 2010/02/05 21:58:41 enami Exp $ */
 
 /*-
  * Copyright (c) 2000-2003 The NetBSD Foundation, Inc.
@@ -71,7 +71,7 @@
 #include "sort.h"
 #include "fsort.h"
 
-__RCSID("$NetBSD: fsort.c,v 1.46 2009/11/06 18:34:22 joerg Exp $");
+__RCSID("$NetBSD: fsort.c,v 1.47 2010/02/05 21:58:41 enami Exp $");
 
 #include <stdlib.h>
 #include <string.h>
@@ -95,7 +95,7 @@
        int file_no;
        int max_recs = DEBUG('m') ? 16 : MAXNUM;
 
-       buffer = malloc(bufsize);
+       buffer = allocrec(NULL, bufsize);
        bufend = (u_char *)buffer + bufsize;
        /* Allocate double length keymap for radix_sort */
        keylist = malloc(2 * max_recs * sizeof(*keylist));
@@ -154,7 +154,7 @@
                        /* c == BUFFEND, and we can process more data */
                        /* Allocate a larger buffer for this lot of data */
                        bufsize *= 2;
-                       nbuffer = realloc(buffer, bufsize);
+                       nbuffer = allocrec(buffer, bufsize);
                        if (!nbuffer) {
                                err(2, "failed to realloc buffer to %zu bytes",
                                        bufsize);
diff -r 12dc1551cc9b -r 0bb1f36c4f7f usr.bin/sort/msort.c
--- a/usr.bin/sort/msort.c      Fri Feb 05 21:10:58 2010 +0000
+++ b/usr.bin/sort/msort.c      Fri Feb 05 21:58:41 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: msort.c,v 1.29 2009/11/06 18:34:22 joerg Exp $ */
+/*     $NetBSD: msort.c,v 1.30 2010/02/05 21:58:42 enami Exp $ */
 
 /*-
  * Copyright (c) 2000-2003 The NetBSD Foundation, Inc.
@@ -64,7 +64,7 @@
 #include "sort.h"
 #include "fsort.h"
 
-__RCSID("$NetBSD: msort.c,v 1.29 2009/11/06 18:34:22 joerg Exp $");
+__RCSID("$NetBSD: msort.c,v 1.30 2010/02/05 21:58:42 enami Exp $");
 
 #include <stdlib.h>
 #include <string.h>
@@ -206,7 +206,7 @@
        for (nfiles = i = 0; i < fstack_count; i++) {
                cfile = &fstack[i];
                if (cfile->rec == NULL) {
-                       cfile->rec = emalloc(DEFLLEN);
+                       cfile->rec = allocrec(NULL, DEFLLEN);
                        cfile->end = (u_char *)cfile->rec + DEFLLEN;
                }
                rewind(cfile->fp);
@@ -219,7 +219,7 @@
                        if (c == BUFFEND) {
                                /* Double buffer size */
                                sz = (cfile->end - (u_char *)cfile->rec) * 2;
-                               cfile->rec = erealloc(cfile->rec, sz);
+                               cfile->rec = allocrec(cfile->rec, sz);
                                cfile->end = (u_char *)cfile->rec + sz;
                                continue;
                        }
@@ -245,7 +245,7 @@
         * output file - maintaining one record from each file in the sorted
         * list.
         */
-       new_rec = emalloc(DEFLLEN);
+       new_rec = allocrec(NULL, DEFLLEN);
        new_end = (u_char *)new_rec + DEFLLEN;
        for (;;) {
                cfile = flist[0];
@@ -263,7 +263,7 @@
                if (c == BUFFEND) {
                        /* Buffer not large enough - double in size */
                        sz = (new_end - (u_char *)new_rec) * 2;
-                       new_rec = erealloc(new_rec, sz);
+                       new_rec = allocrec(new_rec, sz);
                        new_end = (u_char *)new_rec +sz;
                        continue;
                }
diff -r 12dc1551cc9b -r 0bb1f36c4f7f usr.bin/sort/sort.c
--- a/usr.bin/sort/sort.c       Fri Feb 05 21:10:58 2010 +0000
+++ b/usr.bin/sort/sort.c       Fri Feb 05 21:58:41 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sort.c,v 1.57 2009/11/06 18:34:22 joerg Exp $  */
+/*     $NetBSD: sort.c,v 1.58 2010/02/05 21:58:42 enami Exp $  */
 
 /*-
  * Copyright (c) 2000-2003 The NetBSD Foundation, Inc.
@@ -76,7 +76,7 @@
  The Regents of the University of California.  All rights reserved.");
 #endif /* not lint */
 
-__RCSID("$NetBSD: sort.c,v 1.57 2009/11/06 18:34:22 joerg Exp $");
+__RCSID("$NetBSD: sort.c,v 1.58 2010/02/05 21:58:42 enami Exp $");
 
 #include <sys/types.h>
 #include <sys/time.h>
@@ -402,3 +402,10 @@
            "             [-t char] [file ...]\n");
        exit(2);
 }
+
+RECHEADER *
+allocrec(RECHEADER *rec, size_t size)
+{
+
+       return (erealloc(rec, size + sizeof(long) - 1));
+}
diff -r 12dc1551cc9b -r 0bb1f36c4f7f usr.bin/sort/sort.h
--- a/usr.bin/sort/sort.h       Fri Feb 05 21:10:58 2010 +0000
+++ b/usr.bin/sort/sort.h       Fri Feb 05 21:58:41 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sort.h,v 1.30 2009/09/28 20:30:01 dsl Exp $    */
+/*     $NetBSD: sort.h,v 1.31 2010/02/05 21:58:42 enami Exp $  */
 
 /*-
  * Copyright (c) 2000-2003 The NetBSD Foundation, Inc.
@@ -174,6 +174,7 @@
 #define DEBUG(ch) (debug_flags & (1 << ((ch) & 31)))
 extern unsigned int debug_flags;
 
+RECHEADER *allocrec(RECHEADER *, size_t);
 void    append(RECHEADER **, int, FILE *, void (*)(const RECHEADER *, FILE *));
 void    concat(FILE *, FILE *);
 length_t enterkey(RECHEADER *, const u_char *, u_char *, size_t, struct field *);