Bug#38529: Memory leak in pointerize (was: Problem #4)
Package: pointerize
Version: 0.2
Hi Enrique,
I'm just trying to let the boot-floppies script for potato run and have
encountered this problem.
Martin Schulze wrote:
> This is not a good sign...
>
> make[4]: Leaving directory `/usr/src/debian/work/boot-floppies/utilities/dbootstrap/po'
> cc -D_GNU_SOURCE -DARCH=i386 -DARCHNAME='"i386"' -DKVER='"2.2.7"' -Wall -g -DINCLUDE_DBOOTSTRAP -c baseconfig.c -o baseconfig.o
> echo "#line 1 \"bootconfig.c\"" >tmp.bootconfig.c
> pointerize -m C.mo <bootconfig.c >>tmp.bootconfig.c
> make[3]: *** [tmp.bootconfig.c] Error 139
>
> kuolema!joey(ttyp1):/usr/src/debian/work/foo> ../pointerize-0.2/src/pointerize -m C.mo <bootconfig.c >>tmp.bootconfig.c
> Segmentation fault
> kuolema!joey(ttyp1):/usr/src/debian/work/foo> gdb ../pointerize-0.2/src/pointerize
> GNU gdb 4.17.19981224.m68k.objc.threads.hwwp.fpu.gnat
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i686-pc-linux-gnu"...
> (gdb) run -m C.mo <bootconfig.c >>tmp.bootconfig.c
> Starting program: /usr/src/debian/work/foo/../pointerize-0.2/src/pointerize -m C.mo <bootconfig.c >>tmp.bootconfig.c
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x4004f97f in free ()
> (gdb) where
> #0 0x4004f97f in free ()
> #1 0x4004f7f1 in free ()
> #2 0x804a454 in reset_buffer (freebuf=1) at pointerize.c:951
> #3 0x804a4a7 in fetchbuffer () at pointerize.c:961
> #4 0x8049dba in phase5_get (tp=0xbffff184) at pointerize.c:733
> #5 0x8049e7f in phase8_get (tp=0xbffff184) at pointerize.c:769
> #6 0x804a019 in my_lex (tp=0xbffff1a0) at pointerize.c:810
> #7 0x804a219 in scan_file () at pointerize.c:879
> #8 0x804a77d in main (argc=3, argv=0xbffff1d8) at pointerize.c:1055
'kay, I've found the problem:
    if (pubbuffer) {
        pubbuffer[pubbufpos]='\0';   /* writes at index pubbufpos, which may equal the allocated size */
        tmp=strdup(pubbuffer);
        reset_buffer(1);
        return tmp;
    }
Apparently sizeof(pubbuffer) is 100, as is pubbufpos, which means
that the code will place '\0' at pos 101, which is not yet allocated.
diff -u -Nur --exclude CVS orig/pointerize-0.2/src/pointerize.c pointerize-0.2/src/pointerize.c
--- orig/pointerize-0.2/src/pointerize.c Sun Mar 7 21:50:58 1999
+++ pointerize-0.2/src/pointerize.c Sat May 29 20:49:44 1999
@@ -956,7 +956,8 @@
static char *fetchbuffer(void) {
char *tmp;
if (pubbuffer) {
- pubbuffer[pubbufpos]='\0';
+ --pubbufpos;
+ bufferget('\0');
tmp=strdup(pubbuffer);
reset_buffer(1);
return tmp;
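Review bot: the `--pubbufpos` before `bufferget('\0')` makes bufferget() write the NUL at the slot of the byte most recently appended, so the string returned by strdup() loses its last character unless that byte is a lookahead the lexer meant to discard. Calling `bufferget('\0')` without the decrement keeps the whole token and still avoids the overrun, because bufferget() grows pubbuffer whenever pubbufpos >= bufmax, which is exactly the case the replaced `pubbuffer[pubbufpos]='\0'` did not handle.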
This looks ugly but it works.
However, there is another bug some lines above:
    static void bufferget(int __c) {
        static int bufmax;               /* bytes currently allocated for pubbuffer */
        if (pubbuffer == NULL)
        {
            bufmax = 0;                  /* fresh buffer: start from an empty allocation */
            pubbufpos = 0;
        }
        if (pubbufpos >= bufmax)
        {
            bufmax += 100;               /* grow in 100-byte steps */
            pubbuffer = xrealloc (pubbuffer, bufmax);
        }
        pubbuffer[pubbufpos++]=__c;      /* store the byte, then advance the position */
    }
If there is no pubbuffer, pos 0 won't be written, but only pos 1.
I don't think this is intentional.
I'll leave it to Enrique to fix it, I haven't grok'ed the code yet.
Regards,
Joey
--
Linux - the choice of a GNU generation
Please always Cc to me when replying to me on the lists.
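An added example, not pointerize's own code, modelled on the bufferget()/fetchbuffer() pair above: the NUL terminator is routed through the growing append so it can never land past the allocation, and check_token() reports for a constructed token of length n whether the original direct write `pubbuffer[pubbufpos]='\0'` would have. CHUNK, struct result and check_token() are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
#define CHUNK 100                 /* growth step, as in the report */
static char *pubbuffer = NULL;    /* grows in CHUNK-byte steps */
static int pubbufpos = 0;         /* index of the next free byte */
static int bufmax = 0;            /* bytes currently allocated */

/* Append one byte, growing the buffer first when it is full: the only
 * writer into pubbuffer, so the bound is checked in exactly one place. */
static void bufferget(int c)
{
    if (pubbuffer == NULL)
        bufmax = pubbufpos = 0;
    if (pubbufpos >= bufmax) {
        bufmax += CHUNK;
        if ((pubbuffer = realloc(pubbuffer, bufmax)) == NULL)
            exit(1);
    }
    pubbuffer[pubbufpos++] = (char)c;
}

/* Hardened fetch: the NUL goes through bufferget() so the buffer grows
 * before the write.  Hands the token to the caller, who frees it. */
static char *fetchbuffer(void)
{
    if (pubbuffer == NULL)
        return NULL;
    bufferget('\0');
    char *tmp = pubbuffer;        /* realloc may have moved it */
    pubbuffer = NULL;
    pubbufpos = bufmax = 0;
    return tmp;
}

struct result { int overflow; size_t len; };   /* assumed helper type */

/* Buffer a constructed n-byte token, then report (a) whether the original
 * `pubbuffer[pubbufpos] = '\0'` would land one byte past the allocation,
 * which happens whenever n is a multiple of CHUNK, and (b) the length read
 * back through the hardened fetchbuffer(). */
static struct result check_token(size_t n)
{
    for (size_t i = 0; i < n; i++)
        bufferget('a' + (int)(i % 26));
    struct result r = { pubbuffer != NULL && pubbufpos >= bufmax, 0 };
    char *t = fetchbuffer();
    r.len = t ? strlen(t) : 0;
    free(t);
    return r;
}
```

A 100-byte token is the crashing case from the report: the direct write would hit index 100 of a 100-byte allocation, while the hardened path grows to 200 bytes first and returns the full 100 characters.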
References:
- Problem #4 (From: Martin Schulze <joey@finlandia.Infodrom.North.DE>)