Date: Thu, 29 Jul 1999 00:52:27 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Thomas David Rivers <rivers@dignus.com> Cc: freebsd-hackers@FreeBSD.org, jmz@FreeBSD.org Subject: Re: interesting bug in /usr/bin/cmp Message-ID: <Pine.BSF.4.10.9907290051210.3955-100000@janus.syracuse.net> In-Reply-To: <199907282316.TAA63434@lakes.dignus.com>
index | next in thread | previous in thread | raw e-mail
On Wed, 28 Jul 1999, Thomas David Rivers wrote:
> >
> > If someone is interested to solve a problem:
> >
> > $ dd if=/dev/zero bs=8848 count=1 of=a 2>/dev/null
> > $ cp a b
> > $ cmp a b 0 0x300
> > Segmentation fault (core dumped)
> > $ cmp a b 0 0x200
> > cmp: EOF on b
> > $ cmp a b 0x300 0
> > cmp: EOF on a
> >
> > Jean-Marc
> >
>
> I've seen a similar problem when doing cmp with CD-ROM
> devices (I believe I entered a PR on it.)
>
> I think the problem has to do with cmp's use of mmap(), and
> potential issues there... But, that's just a guess on my part.
It has to do with mmap(), but not any specific issues with mmap(), just a
bug in its use.
If noone has any objections, I will commit this and MFC it in a week or so.
--- src/usr.bin/cmp/regular.c.orig Thu Jul 29 00:43:50 1999
+++ src/usr.bin/cmp/regular.c Thu Jul 29 00:44:54 1999
@@ -57,7 +57,7 @@
off_t skip1, len1, skip2, len2;
{
u_char ch, *p1, *p2;
- off_t byte, length, line;
+ off_t byte, length, line, mlength;
int dfound;
off_t pagemask, off1, off2;
@@ -76,17 +76,18 @@
off2 = ROUNDPAGE(skip2);
length = MIN(len1, len2);
- if (length > SIZE_T_MAX)
+ mlength = MAX(len1, len2);
+ if (mlength > SIZE_T_MAX)
return (c_special(fd1, file1, skip1, fd2, file2, skip2));
if ((p1 = (u_char *)mmap(NULL,
- (size_t)length, PROT_READ, MAP_SHARED, fd1, off1)) == (u_char *)MAP_FAILED)
+ (size_t)mlength, PROT_READ, MAP_SHARED, fd1, off1)) == (u_char *)MAP_FAILED)
err(ERR_EXIT, "%s", file1);
- madvise(p1, length, MADV_SEQUENTIAL);
+ madvise(p1, mlength, MADV_SEQUENTIAL);
if ((p2 = (u_char *)mmap(NULL,
- (size_t)length, PROT_READ, MAP_SHARED, fd2, off2)) == (u_char *)MAP_FAILED)
+ (size_t)mlength, PROT_READ, MAP_SHARED, fd2, off2)) == (u_char *)MAP_FAILED)
err(ERR_EXIT, "%s", file2);
- madvise(p2, length, MADV_SEQUENTIAL);
+ madvise(p2, mlength, MADV_SEQUENTIAL);
dfound = 0;
p1 += skip1 - off1;
Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___
green@FreeBSD.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \._ \ |) |
http://www.FreeBSD.org/ _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907290051210.3955-100000>