Re: [Toybox] Two bugs in tail toy

Tue, 28 Oct 2014 16:37:38 -0700 

W dniu 28.10.2014 o 22:50, Rob Landley pisze:

On 10/28/14 14:54, [email protected] wrote:

W dniu 28.10.2014 o 01:22, Rob Landley pisze:

On 10/27/14 05:21, [email protected] wrote:

I again write mail to you because I found two bugs in tail toy and wrote
about these bugs to you and you didn't reply me.

Sorry, a little overwhelmed with todo item backlog. (And spent the whole
weekend working on sed...)

I understand it.

These bugs:
First bug is that tail added random character to stdout end when it read
from stdin.

It's a little non-obvious from staring at it which change fixes which
bug, and I got distracted actually testing the result because in commit
1523 (back on the 14th) I broke loopfiles subtly (the test for "are we
in read only mode" was confused by O_CLOEXEC so it was using stdout
instead of stdin, which broke simple stuff like _cat_ and I didn't
notice for a bit. My bad. I'd wondered why aboriginal stopped building
but hadn't had time to track it down this weekend due to banging on sed.)


Second bug is segmentation fault for 'tail -c 10' for big data from
stdin.

Indeed, a use after free error looks like. Good catch, thanks.

That part I understand. It's the added random character I'm not seeing,
and I don't understand what the orig_len change is doing?

...

I found perfect way to reproduce this bug:

seq 1 4096 | ./toybox tail

Exemplary output:

4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
8

Last character is printed without new line.

$ ./toybox seq 1 4096 | ./toybox tail | ./toybox od -t x1
0000000 34 30 38 37 0a 34 30 38 38 0a 34 30 38 39 0a 34
0000020 30 39 30 0a 34 30 39 31 0a 34 30 39 32 0a 34 30
0000040 39 33 0a 34 30 39 34 0a 34 30 39 35 0a 34 30 39
0000060 36 0a
0000062

I'm still not seeing it. That's make defconfig against a clean checkout.

What build environment are you using?
I see that this bug is fixed by commit http://www.landley.net/hg/toybox/rev/1d996b0a11c0. 

May be you don't reproduce this bug by fixed this bug.



Rob
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net



_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net

Reply via email to