Message-Id: <20110102081031.D16F3DA81F@void.codelabs.ru>
Date: Sun, 2 Jan 2011 11:10:31 +0300 (MSK)
From: Eygene Ryabinkin
To: FreeBSD-gnats-submit@freebsd.org
X-GNATS-Notify: lulf@freebsd.org
Subject: bin/153619: [patch] csup: prevent infinite cycle on empty ",v" files

>Number: 153619
>Category: bin
>Synopsis: [patch] csup: prevent infinite cycle on empty ",v" files
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 02 08:20:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 9.0-CURRENT amd64
>Organization: Code Labs
>Environment:

System: FreeBSD 9.0-CURRENT amd64

>Description:

I had an empty "Makefile,v" and csup choked on it, entering the infinite
cycle and grabbing memory. The problem is that the 'ID' was defined as 0
and the built-in YY_NULL that tells the caller that EOF was found is 0 too.
So, the following cycle on the empty file will be infinite:
{{{
	/* access {id]*; */
	assert(token == KEYWORD);
	token = rcslex(*sp);
	while (token == ID) {
		id = duptext(sp, NULL);
		rcsfile_addaccess(rf, id);
		free(id);
		token = rcslex(*sp);
	}
}}}

>How-To-Repeat:

Truncate any ",v" file in your full CVS repository that is updated by csup
and watch it choking on that entry, grabbing more and more memory and being
killed at the out-of-swap-space condition.

>Fix:

The following patch fixes the problem for me. Now csup reports the file in
question as broken and stops. I will try to work on adding that file to the
list of fixups to enable the full retransfer.

--- avoid-infinite-cycle-on-broken-files.diff begins here ---
>From 2e292fba6f1e3e53c5a230dc9cb69db5463983b3 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin Date: Sun, 2 Jan 2011 10:56:57 +0300 I had an empty "Makefile,v" and csup choked on it, entering the infinite cycle and grabbing memory. The problem is that the 'ID' was defined as 0 and the built-in YY_NULL that tells the caller that EOF was found is 0 too. So, the following cycle on the empty file will be infinite: {{{ /* access {id]*; */ assert(token == KEYWORD); token = rcslex(*sp); while (token == ID) { id = duptext(sp, NULL); rcsfile_addaccess(rf, id); free(id); token = rcslex(*sp); } }}} Signed-off-by: Eygene Ryabinkin --- usr.bin/csup/rcsparse.h | 15 ++++++++------- 1 files changed, 8 insertions(+), 7 deletions(-) diff --git a/usr.bin/csup/rcsparse.h b/usr.bin/csup/rcsparse.h index 01b0156..3701407 100644 --- a/usr.bin/csup/rcsparse.h +++ b/usr.bin/csup/rcsparse.h @@ -28,13 +28,14 @@ #ifndef _RCSPARSE_H_ #define _RCSPARSE_H_ -#define ID 0 -#define NUM 1 -#define KEYWORD 2 -#define KEYWORD_TWO 3 -#define STRING 4 -#define SEMIC 5 -#define COLON 6 +/* NB: YY_NULL that signifies the EOF condition is 0: don't use it here. */ +#define ID 1 +#define NUM 2 +#define KEYWORD 3 +#define KEYWORD_TWO 4 +#define STRING 5 +#define SEMIC 6 +#define COLON 7 struct rcsfile; int rcsparse_run(struct rcsfile *, FILE *, int); -- 1.7.3.2 --- avoid-infinite-cycle-on-broken-files.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
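Review bot: In the rcsparse.h hunk the renumbered tokens stay clear of 0 only by convention, and the new comment is the sole guard against a later token being given the value 0 again. Consider reserving the value explicitly, for example with a named define for the EOF result that rcslex returns or an enum that starts at 1, so that parser loops such as `while (token == ID)` can also test for EOF by name. All seven values shift by one, so it is worth confirming that nothing outside this header hard-codes the old numbers; the diff touches only rcsparse.h, so that cannot be checked from the visible lines.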
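The collision described in the report, reduced to a toy lexer, as an added example that is not part of the original report or of csup. The names `toy_lex`, `count_ids`, `TOY_EOF` and the `MAX_STEPS` cap are assumptions made for the illustration; the cap stands in for the out-of-memory kill that ends the real loop.

```c
#include <stdio.h>

#define TOY_EOF   0     /* a flex scanner returns 0 (YY_NULL) at end of input */
#define MAX_STEPS 1000  /* illustration-only cap so the demo terminates */

/* Toy lexer, constructed for this example: every space-separated word is
 * an identifier token; once the input is exhausted it returns TOY_EOF on
 * every further call, as a flex scanner does. */
struct toy_lexer { const char *p; int id_token; };

static int toy_lex(struct toy_lexer *lx)
{
	while (*lx->p == ' ')
		lx->p++;
	if (*lx->p == '\0')
		return TOY_EOF;
	while (*lx->p != '\0' && *lx->p != ' ')
		lx->p++;
	return lx->id_token;
}

/* Same shape as the access-list loop quoted in the report: keep consuming
 * while the token is an identifier. Returns the number of identifiers
 * consumed, or -1 if the cap was hit, i.e. the loop would never end. */
int count_ids(const char *input, int id_token)
{
	struct toy_lexer lx = { input, id_token };
	int steps = 0;
	int token = toy_lex(&lx);

	while (token == id_token) {
		if (++steps >= MAX_STEPS)
			return -1;
		token = toy_lex(&lx);
	}
	return steps;
}

int main(void)
{
	/* Constructed inputs: an empty file and a three-identifier list. */
	printf("ID=0, empty input: %d\n", count_ids("", 0));
	printf("ID=1, empty input: %d\n", count_ids("", 1));
	printf("ID=0, \"a b c\":     %d\n", count_ids("a b c", 0));
	printf("ID=1, \"a b c\":     %d\n", count_ids("a b c", 1));
	return 0;
}
```

With the identifier token equal to the EOF value the loop never terminates even on well-formed input that simply ends after the list, which is why the empty file is only the most visible trigger.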