bin/95715: /usr/games/random busy loop under some conditions

Li-Lun Wang (Leland Wang) llwang at infor.org
Thu Apr 13 23:40:19 UTC 2006


>Number:         95715
>Category:       bin
>Synopsis:       /usr/games/random busy loop under some conditions
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 13 23:40:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Li-Lun Wang (Leland Wang)
>Release:        FreeBSD 6.0-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD Athena.infor.org 6.0-RELEASE-p4 FreeBSD 6.0-RELEASE-p4 #3: Thu Jan 26 23:44:20 CST 2006 root at Athena.infor.org:/usr/obj/usr/src/sys/Athena i386


	
>Description:
In randomize_fd() in randomize_fd.c, when buf is full and i == buflen in
line 132, it doubles buf in line 151 and tries to read the remainder of
the line in line 157. It sets buflen to len in line 164 (which is also
incorrect), but then buflen is doubled in line 169.

As a result, when this line completes, i <= buflen still holds because
buflen has been doubled after it was set, and thus the condition in line
132 will not be true. The for loop in line 131 decrements bufleft below
zero, so that neither the condition in line 117 nor that in line 131
holds, no further input line is read, and it loops forever.

Modified files:
	games/random	randomize_fd.c
	
>How-To-Repeat:
$ random -f -
1
12
(the program begins to loop here)
	
>Fix:
--- randomize_fd.c.orig	Thu Apr 13 17:20:56 2006
+++ randomize_fd.c	Thu Apr 13 18:23:18 2006
@@ -153,20 +153,20 @@
 						err(1, "realloc");
 
 					buf = p;
+					buflen *= 2;
 					if (!eof) {
-						len = read(fd, &buf[i], buflen);
+						len = read(fd, &buf[i], buflen - i);
 						if (len == -1)
 							err(1, "read");
 						else if (len == 0) {
 							eof++;
 							break;
 						} else if (len < (ssize_t)(buflen - i))
-							buflen = (size_t)len;
+							buflen = i + (size_t)len;
 
 						bufleft = (int)len;
 					}
 
-					buflen *= 2;
 				}
 			}
 
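Review bot: In the short-read branch, `buflen = i + (size_t)len;` turns buflen into "end of valid data", while the `buflen *= 2;` now placed right after `buf = p;` treats it as "allocated size". After a short read the variable understates the allocation, and the next doubling starts from that smaller value. Keeping the allocation size and the valid-data end in two separate variables would make the invariant explicit. Two smaller points: when eof is already set on entry to `if (!eof)`, buflen is doubled but nothing is read into the new tail, so it is worth confirming that the loop cannot scan those uninitialised bytes; and `bufleft = (int)len;` still narrows an ssize_t to int, where a comment on the expected range (or a matching type) would help.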

	


>Release-Note:
>Audit-Trail:
>Unformatted:
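Added example, not part of the original report or of FreeBSD's randomize_fd.c: a minimal grow-and-read loop that keeps the allocated size and the valid-data length in separate variables, which is the bookkeeping the Description says goes wrong around lines 164 and 169. The names read_all, demo, cap and len are hypothetical; the input is the How-To-Repeat sequence, fed through a pipe.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical helper: read fd to EOF into a growing heap buffer.
 * cap = bytes allocated, len = bytes of valid data; never merged. */
static char *read_all(int fd, size_t initial_cap, size_t *out_len)
{
	size_t cap = initial_cap ? initial_cap : 1, len = 0;
	char *buf = malloc(cap);
	if (buf == NULL)
		return NULL;
	for (;;) {
		if (len == cap) {		/* full: double the allocation */
			char *p = cap > (size_t)-1 / 2 ? NULL : realloc(buf, cap * 2);
			if (p == NULL) {
				free(buf);
				return NULL;
			}
			buf = p;
			cap *= 2;		/* update cap as soon as realloc succeeds */
		}
		/* Read only into the free tail: at most cap - len bytes. */
		ssize_t n = read(fd, buf + len, cap - len);
		if (n == -1) {
			free(buf);
			return NULL;
		}
		if (n == 0)			/* EOF */
			break;
		len += (size_t)n;		/* short read: len grows, cap is untouched */
	}
	*out_len = len;
	return buf;
}

static int demo(size_t initial_cap)
{
	static const char input[] = "1\n12\n";	/* constructed: How-To-Repeat input */
	int fds[2];
	size_t len = 0;
	if (pipe(fds) == -1 ||
	    write(fds[1], input, sizeof(input) - 1) != (ssize_t)(sizeof(input) - 1))
		return -1;
	close(fds[1]);
	char *out = read_all(fds[0], initial_cap, &len);
	close(fds[0]);
	int ok = out != NULL && len == sizeof(input) - 1 && memcmp(out, input, len) == 0;
	free(out);
	return ok;	/* 1 when every byte came back and the loop terminated */
}
```

A small initial_cap such as 1 or 2 forces several doublings on this five-byte input, the case in which the reported loop never terminated.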

