From 3afda5f0076beca786ecbe90875828eb6988a964 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 30 Nov 2010 22:30:12 +0100 Subject: sort -u: fix a thread-race pointer corruption bug * src/sort.c (write_unique): Save the entire "struct line", not just a pointer to one. Otherwise, with a multi-thread run, sometimes, with some inputs, fillbuf would would win a race and clobber a "saved->text" pointer in one thread just before it was dereferenced in a comparison in another thread. * NEWS (Bug fixes): Mention it. --- src/sort.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/sort.c b/src/sort.c index 7e25f6a0b..1aa1eb416 100644 --- a/src/sort.c +++ b/src/sort.c @@ -3226,13 +3226,13 @@ queue_pop (struct merge_node_queue *queue) static void write_unique (struct line const *line, FILE *tfp, char const *temp_output) { - static struct line const *saved = NULL; + static struct line saved; if (!unique) write_line (line, tfp, temp_output); - else if (!saved || compare (line, saved)) + else if (!saved.text || compare (line, &saved)) { - saved = line; + saved = *line; write_line (line, tfp, temp_output); } } -- cgit v1.2.3-54-g00ecf