[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
"read" builtin corrupts buffered input after byte 2**31 (w/patch)
From: |
Gregory Margo |
Subject: |
"read" builtin corrupts buffered input after byte 2**31 (w/patch) |
Date: |
Wed, 27 Jul 2011 10:45:29 -0700 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu'
-DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash'
-DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -g -O2
uname output: Linux bohr 2.6.35-30-generic #54-Ubuntu SMP Tue Jun 7 18:41:54
UTC 2011 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu
Bash Version: 4.2
Patch Level: 10
Release Status: release
Description:
"read" builtin corrupts buffered input after byte 2**31.
Repeat-By:
To demonstrate this error, use "read" to read a large text file with
size > 2**31, with non-128-multiple line lengths, through a file
descriptor, and compare against expected input.
Attached is a bash script to perform that test.
Fix:
The problem is caused by an improper error test on lseek(2)
in the zsyncfd() function in lib/sh/zread.c.
lseek() returns an "off_t" but only an "int" was used, so when the
file offset goes beyond 2**31, the offset appears to be negative, and
hence the "lbuf" index and offset variables are not reset.
Using the proper type and the proper error check fixes it.
The following patch corrects the problem:
--- lib/sh/zread.c.00 2009-03-02 05:54:45.000000000 -0800
+++ lib/sh/zread.c 2011-07-24 17:07:03.747260237 -0700
@@ -161,13 +161,13 @@
int fd;
{
off_t off;
- int r;
+ off_t r;
off = lused - lind;
r = 0;
if (off > 0)
r = lseek (fd, -off, SEEK_CUR);
- if (r >= 0)
+ if (r != (off_t)-1)
lused = lind = 0;
}
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Gregory H. Margo
gmargo at yahoo/com, gmail/com, pacbell/net; greg at margofamily/org
test_read_bigfile.bash
Description: Text document
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- "read" builtin corrupts buffered input after byte 2**31 (w/patch),
Gregory Margo <=