Date:      Sun,  2 Jan 2011 11:10:31 +0300 (MSK)
From:      Eygene Ryabinkin <rea@freebsd.org>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/153619: [patch] csup: prevent infinite cycle on empty ",v" files
Message-ID:  <20110102081031.D16F3DA81F@void.codelabs.ru>
Resent-Message-ID: <201101020820.p028KAcM080750@freefall.freebsd.org>


>Number:         153619
>Category:       bin
>Synopsis:       [patch] csup: prevent infinite cycle on empty ",v" files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 02 08:20:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 9.0-CURRENT amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 9.0-CURRENT amd64

>Description:

I had an empty "Makefile,v" and csup choked on it, entering
an infinite cycle and grabbing memory.  The problem is that
the 'ID' was defined as 0 and the built-in YY_NULL that tells
the caller that EOF was found is 0 too.  So, the following
cycle on the empty file will be infinite:
{{{
        /* access {id]*; */
        assert(token == KEYWORD);
        token = rcslex(*sp);
        while (token == ID) {
                id = duptext(sp, NULL);
                rcsfile_addaccess(rf, id);
                free(id);
                token = rcslex(*sp);
        }
}}}

>How-To-Repeat:

Truncate any ",v" file in your full CVS repository that is updated by
csup and watch it choke on that entry, grabbing more and more memory
until it is killed at the out-of-swap-space condition.

>Fix:

The following patch fixes the problem for me.  Now csup reports the
file in question as broken and stops.  I will try to work on adding
that file to the list of fixups to enable the full retransfer.

--- avoid-infinite-cycle-on-broken-files.diff begins here ---
From 2e292fba6f1e3e53c5a230dc9cb69db5463983b3 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Sun, 2 Jan 2011 10:56:57 +0300

I had an empty "Makefile,v" and csup choked on it, entering
an infinite cycle and grabbing memory.  The problem is that
the 'ID' was defined as 0 and the built-in YY_NULL that tells
the caller that EOF was found is 0 too.  So, the following
cycle on the empty file will be infinite:
{{{
        /* access {id]*; */
        assert(token == KEYWORD);
        token = rcslex(*sp);
        while (token == ID) {
                id = duptext(sp, NULL);
                rcsfile_addaccess(rf, id);
                free(id);
                token = rcslex(*sp);
        }
}}}

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 usr.bin/csup/rcsparse.h |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/usr.bin/csup/rcsparse.h b/usr.bin/csup/rcsparse.h
index 01b0156..3701407 100644
--- a/usr.bin/csup/rcsparse.h
+++ b/usr.bin/csup/rcsparse.h
@@ -28,13 +28,14 @@
 
 #ifndef _RCSPARSE_H_
 #define _RCSPARSE_H_
-#define ID		0
-#define NUM		1
-#define KEYWORD		2
-#define KEYWORD_TWO	3
-#define STRING		4
-#define SEMIC		5
-#define COLON		6
+/* NB: YY_NULL that signifies the EOF condition is 0: don't use it here. */
+#define ID		1
+#define NUM		2
+#define KEYWORD		3
+#define KEYWORD_TWO	4
+#define STRING		5
+#define SEMIC		6
+#define COLON		7
 
 struct rcsfile;
 int	rcsparse_run(struct rcsfile *, FILE *, int);
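Review bot: renumbering ID..COLON to 1..7 removes the collision with YY_NULL, but the invariant lives only in the comment at the top of the hunk, so a later reordering of these defines could silently reintroduce the infinite loop; a compile-time assertion in the scanner source (where YY_NULL is visible) that no token value equals YY_NULL, or a named end-of-input token that the parser loops test for explicitly, would enforce it. The comment could also name what it protects, the `while (token == ID)` access-list loop quoted in the description, so a reader of rcsparse.h alone sees why the numbering starts at 1.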
-- 
1.7.3.2
--- avoid-infinite-cycle-on-broken-files.diff ends here ---
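The token/EOF collision the report describes, as an added example that is not csup's code: a toy lexer whose end-of-input value is flex's YY_NULL (0) is run through a copy of the access-list loop with the pre-patch and post-patch value of ID, with an iteration limit standing in for the unbounded memory growth. `toy_rcslex`, `parse_access` and the limit are assumptions of this example, not part of csup.

```c
#include <stdio.h>

/* Hypothetical token values modelling the two rcsparse.h numberings.
 * Flex's YY_NULL (end of input) is 0, so the pre-patch ID collides with it. */
#define YY_NULL    0
#define ID_BROKEN  0   /* rcsparse.h before the patch */
#define ID_FIXED   1   /* rcsparse.h after the patch  */

/* Toy stand-in for csup's rcslex(): one ID token per space-separated word,
 * then YY_NULL on every call once the input is exhausted, like a flex scanner. */
struct toy_lexer { const char *p; int id_token; };

static int toy_rcslex(struct toy_lexer *lx)
{
	while (*lx->p == ' ')
		lx->p++;
	if (*lx->p == '\0')
		return (YY_NULL);          /* EOF, and it stays EOF on every call */
	while (*lx->p != '\0' && *lx->p != ' ')
		lx->p++;
	return (lx->id_token);
}

/* Mirrors the "while (token == ID)" access-list loop quoted in the report.
 * Returns the number of identifiers consumed, or -1 when the loop exceeds
 * 'limit' iterations: the runaway case that, unbounded, ends in csup being
 * killed for lack of memory. */
static int parse_access(const char *input, int id_token, int limit)
{
	struct toy_lexer lx = { input, id_token };
	int n = 0, token;

	token = toy_rcslex(&lx);
	while (token == id_token) {
		if (++n > limit)
			return (-1);       /* EOF is indistinguishable from ID */
		token = toy_rcslex(&lx);
	}
	return (n);
}

int main(void)
{
	/* Constructed inputs: an empty ",v" file and one with two access ids. */
	printf("empty file, ID=0: %d\n", parse_access("", ID_BROKEN, 1000));        /* -1 */
	printf("empty file, ID=1: %d\n", parse_access("", ID_FIXED, 1000));         /* 0  */
	printf("two ids,    ID=1: %d\n", parse_access("alice bob", ID_FIXED, 1000)); /* 2  */
	return (0);
}
```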
>Release-Note:
>Audit-Trail:
>Unformatted: