"cut -f 2- A B" no longer triggers a double-free bug

* src/cut.c (cut_fields): Set file-scoped global to NULL after freeing it. This avoids a double-free (and core dump on some systems) for this usage: "echo 1>a; echo 2>b; cut -f2- a b". Reported by James Hunt in <http://bugzilla.redhat.com/220312>. * NEWS: List this bug fix. * THANKS: Mention him. * tests/misc/cut: New file. * tests/misc/Makefile.am (TESTS): Add cut.
author: Jim Meyering <jim@meyering.net> 2006-12-20 14:25:55 +0100
committer: Jim Meyering <jim@meyering.net> 2006-12-20 14:25:55 +0100
commit: d69fc66d81c7166fe689418f42b7cb900d2a1433 (patch)
tree: d5892567bd10b245328d8da36bef287a0d1ede41
parent: 4e48b4ce334cb601dbbe2562e3aa410dc3ef3fba (diff)
download: coreutils-d69fc66d81c7166fe689418f42b7cb900d2a1433.tar.xz
6 files changed, 70 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 23455e2be..ded57704e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2006-12-20  Jim Meyering  <jim@meyering.net>
+
+	"cut -f 2- A B" no longer triggers a double-free bug
+	* src/cut.c (cut_fields): Set file-scoped global to NULL after
+	freeing it.  This avoids a double-free (and core dump on some systems)
+	for this usage: "echo 1>a; echo 2>b; cut -f2- a b".  Reported by
+	James Hunt in <http://bugzilla.redhat.com/220312>.
+	* NEWS: List this bug fix.
+	* THANKS: Mention him.
+	* tests/misc/cut: New file.
+	* tests/misc/Makefile.am (TESTS): Add cut.
+
 2006-12-15  Jim Meyering  <jim@meyering.net>
 
 	* tests/cp/open-perm-race: Correct the gdb-existence check.
diff --git a/NEWS b/NEWS
index 528c2b024..d4e73a83d 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   chmod no longer fails in an environment (e.g., a chroot) with openat
   support but with insufficient /proc support.
 
+  cut no longer dumps core for usage like "cut -f2- f1 f2" with two or
+  more file arguments.  This was due to a double-free bug, introduced
+  in coreutils-5.3.0.
+
 * Noteworthy changes in release 6.7 (2006-12-08) [stable]
 
 ** Bug fixes
diff --git a/THANKS b/THANKS
index 986167d54..fb49eca69 100644
--- a/THANKS
+++ b/THANKS
@@ -208,6 +208,7 @@ Ivo Timmermans                      ivo@debian.org
 James                               james@albion.glarp.com
 James Antill                        jmanti%essex.ac.uk@seralph21.essex.ac.uk
 James Lemley                        James.Lemley@acxiom.com
+James Hunt                          jamesodhunt@hotmail.com
 James Sneeringer                    jvs@ocslink.com
 James Tanis                         jtt@soscorp.com
 James Youngman                      james+usenet@free-lunch.demon.co.uk
diff --git a/src/cut.c b/src/cut.c
index 73277faa3..c9b83595a 100644
--- a/src/cut.c
+++ b/src/cut.c
@@ -606,6 +606,7 @@ cut_fields (FILE *stream)
 	  if (len < 0)
 	    {
 	      free (field_1_buffer);
+	      field_1_buffer = NULL;
 	      if (ferror (stream) || feof (stream))
 		break;
 	      xalloc_die ();
diff --git a/tests/misc/Makefile.am b/tests/misc/Makefile.am
index 8ff26e720..20ebeeb67 100644
--- a/tests/misc/Makefile.am
+++ b/tests/misc/Makefile.am
@@ -36,6 +36,7 @@ TESTS_ENVIRONMENT = \
 # will execute the test script rather than the standard utility.
 
 TESTS = \
+  cut \
   wc-files0-from \
   wc-files0 \
   cat-proc \
diff --git a/tests/misc/cut b/tests/misc/cut
new file mode 100755
index 000000000..3db4c9bae
--- /dev/null
+++ b/tests/misc/cut
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Test "cut".                                                   -*- perl -*-
+
+# Copyright (C) 2006 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+: ${PERL=perl}
+: ${srcdir=.}
+
+$PERL -e 1 > /dev/null 2>&1 || {
+  echo 1>&2 "$0: configure didn't find a usable version of Perl," \
+    "so can't run this test"
+  exit 77
+}
+
+exec $PERL -w -I$srcdir/.. -MCoreutils -- - <<\EOF
+require 5.003;
+use strict;
+
+(my $ME = $0) =~ s|.*/||;
+
+# Turn off localisation of executable's ouput.
+@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+
+my @Tests =
+  (
+  # Provoke a double-free in cut from coreutils-6.7.
+  ['dbl-free', '-f2-', {IN=>{f=>'x'}}, {IN=>{g=>'y'}}, {OUT=>"x\ny\n"}],
+  );
+
+my $save_temps = $ENV{DEBUG};
+my $verbose = $ENV{VERBOSE};
+
+my $prog = 'cut';
+my $fail = run_tests ($ME, $prog, \@Tests, $save_temps, $verbose);
+exit $fail;
+EOF
author	Jim Meyering <jim@meyering.net>	2006-12-20 14:25:55 +0100
committer	Jim Meyering <jim@meyering.net>	2006-12-20 14:25:55 +0100
commit	d69fc66d81c7166fe689418f42b7cb900d2a1433 (patch)
tree	d5892567bd10b245328d8da36bef287a0d1ede41
parent	4e48b4ce334cb601dbbe2562e3aa410dc3ef3fba (diff)
download	coreutils-d69fc66d81c7166fe689418f42b7cb900d2a1433.tar.xz