Bug 613

Summary:	diff -b with whitespace-only changes segfaults
Product:	Busybox	Reporter:	Bernhard Reutner-Fischer <aldot>
Component:	Other	Assignee:	Matteo Croce <rootkit85>
Status:	RESOLVED FIXED
Severity:	critical	CC:	busybox-cvs
Priority:	P5
Version:	unspecified
Target Milestone:	---
Hardware:	PC
OS:	Linux
Host:	i686-linux-gnu	Target:	i686-linux-gnu
Build:	i686-linux-gnu
Attachments:	fix for diff -ibw Fix

Description Bernhard Reutner-Fischer 2009-09-17 14:04:49 UTC

$ echo " " > one
$ echo "  " > two
Starting program: /scratch/src/busybox/busybox_unstripped diff -b one two

Program received signal SIGSEGV, Segmentation fault.
0x08105cf1 in dump_unified_vec (f1=0x814e978, f2=0x814eae0)
    at editors/diff.c:775
775		lowa = MAX(1, cvp->a - opt_U_context);
(gdb) bt
#0  0x08105cf1 in dump_unified_vec (f1=0x814e978, f2=0x814eae0)
    at editors/diff.c:775
#1  0x08106355 in output (file1=0xbffff2ee "one", f1=0x814e978, 
    file2=0xbffff2f2 "two", f2=0x814eae0) at editors/diff.c:934
#2  0x0810671a in diffreg (file1=0xbffff2ee "one", file2=0xbffff2f2 "two", 
    flags=0) at editors/diff.c:1085
#3  0x08107099 in diff_main (argc=4, argv=0xbffff160) at editors/diff.c:1342
#4  0x0804f4c3 in run_applet_no_and_exit (applet_no=51, argv=0xbffff158)
    at libbb/appletlib.c:746
#5  0x0804f4f6 in run_applet_and_exit (name=0xbffff2e6 "diff", argv=0xbffff158)
    at libbb/appletlib.c:753
#6  0x0804f3ef in busybox_main (argv=0xbffff158) at libbb/appletlib.c:718
#7  0x0804f515 in run_applet_and_exit (name=0xbffff2d3 "busybox_unstripped", 
    argv=0xbffff154) at libbb/appletlib.c:755
#8  0x0804f5a4 in main (argc=5, argv=0xbffff154) at libbb/appletlib.c:808
(gdb) p cvp
$2 = (struct context_vec *) 0x0



$ valgrind ./busybox_unstripped diff -b one two
==5423== Memcheck, a memory error detector.
==5423== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==5423== Using LibVEX rev 1884, a library for dynamic binary translation.
==5423== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==5423== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==5423== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==5423== For more details, rerun with: -v
==5423== 
==5423== Invalid read of size 4
==5423==    at 0x8105CF1: dump_unified_vec (diff.c:775)
==5423==    by 0x804E6AC: ??? (start.S:119)
==5423==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5423== 
==5423== Process terminating with default action of signal 11 (SIGSEGV)
==5423==  Access not within mapped region at address 0x0
==5423==    at 0x8105CF1: dump_unified_vec (diff.c:775)
==5423==    by 0x804E6AC: ??? (start.S:119)

Comment 1 Matteo Croce 2009-09-17 15:04:38 UTC

Created attachment 655 [details]
fix for diff -ibw

This patch fixes the diff options "-ibw"

Comment 2 Matteo Croce 2009-09-17 16:29:32 UTC

$ scripts/bloat-o-meter olddiff.o newdiff.o
function                                             old     new   delta
check                                               1210    1319    +109
readhash                                             355     407     +52
diffreg                                             1439    1443      +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 165/0)             Total: 165 bytes

Comment 3 Denys Vlasenko 2009-09-20 23:23:03 UTC

Created attachment 663 [details]
Fix

Please try this alternative fix. It has much better looking bloatcheck:

function                                             old     new   delta
dump_unified_vec                                     435     457     +22
diff_main                                            855     860      +5
diffreg                                             1786    1781      -5
do_diff                                              428     416     -12
change                                               325     283     -42
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/3 up/down: 27/-59)            Total: -32 bytes