From owner-freebsd-bugs@FreeBSD.ORG Thu Apr 13 23:40:19 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4F4316A406 for ; Thu, 13 Apr 2006 23:40:19 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5937443D4C for ; Thu, 13 Apr 2006 23:40:19 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3DNeJxi090687 for ; Thu, 13 Apr 2006 23:40:19 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3DNeINk090686; Thu, 13 Apr 2006 23:40:19 GMT (envelope-from gnats) Resent-Date: Thu, 13 Apr 2006 23:40:19 GMT Resent-Message-Id: <200604132340.k3DNeINk090686@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Li-Lun Wang (Leland Wang) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D94F716A405; Thu, 13 Apr 2006 23:31:41 +0000 (UTC) (envelope-from llwang@infor.ck.tp.edu.tw) Received: from infor.ck.tp.edu.tw (infor.ck.tp.edu.tw [203.64.26.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6600C43D48; Thu, 13 Apr 2006 23:31:41 +0000 (GMT) (envelope-from llwang@infor.ck.tp.edu.tw) Received: by infor.ck.tp.edu.tw (Postfix, from userid 1001) id 028B217020; Fri, 14 Apr 2006 07:31:40 +0800 (CST) Message-Id: <20060413233140.028B217020@infor.ck.tp.edu.tw> Date: Fri, 14 Apr 2006 07:31:40 +0800 (CST) From: Li-Lun Wang (Leland Wang) To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Sean Chittenden Subject: bin/95715: /usr/games/random busy loop under some conditions X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Li-Lun Wang \(Leland Wang\)" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Apr 2006 23:40:19 -0000 >Number: 95715 >Category: bin >Synopsis: /usr/games/random busy loop under some conditions >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Apr 13 23:40:18 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Li-Lun Wang (Leland Wang) >Release: FreeBSD 6.0-RELEASE-p4 i386 >Organization: >Environment: System: FreeBSD Athena.infor.org 6.0-RELEASE-p4 FreeBSD 6.0-RELEASE-p4 #3: Thu Jan 26 23:44:20 CST 2006 root@Athena.infor.org:/usr/obj/usr/src/sys/Athena i386 >Description: In randomize_fd() in randomize_fd.c, when buf is full and i == buflen in line 132, it doubles buf in line 151 and tries to read the remaining of the line in line 157. It sets buflen to len in line 164 (which is also incorrect), but then buflen is doubled in line 169. As a result, when this line completes, i <= buflen still holds because buflen has been doubled after it was set, and thus the condition in line 132 will not be true. The for loop in line 131 decrements bufleft below zero, making neither the condition in line 117 nor that in line 131 to hold, no further input line be read, and it loops forever. Modified files: games/random randomize_fd.c >How-To-Repeat: $ random -f - 1 12 (the program begins to loop here) >Fix: --- randomize_fd.c.orig Thu Apr 13 17:20:56 2006 +++ randomize_fd.c Thu Apr 13 18:23:18 2006 @@ -153,20 +153,20 @@ err(1, "realloc"); buf = p; + buflen *= 2; if (!eof) { - len = read(fd, &buf[i], buflen); + len = read(fd, &buf[i], buflen - i); if (len == -1) err(1, "read"); else if (len == 0) { eof++; break; } else if (len < (ssize_t)(buflen - i)) - buflen = (size_t)len; + buflen = i + (size_t)len; bufleft = (int)len; } - buflen *= 2; } } >Release-Note: >Audit-Trail: >Unformatted: