From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29908 invoked by alias); 17 Feb 2014 17:25:14 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 29897 invoked by uid 89); 17 Feb 2014 17:25:13 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: smtpout06.bt.lon5.cpcloud.co.uk Received: from smtpout06.bt.lon5.cpcloud.co.uk (HELO smtpout06.bt.lon5.cpcloud.co.uk) (65.20.0.126) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 17 Feb 2014 17:25:12 +0000 X-CTCH-RefID: str=0001.0A090208.530245F5.0023,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-Junkmail-Premium-Raw: score=7/97,refid=2.7.2:2014.2.10.91215:17:7.944,ip=,rules=__MOZILLA_MSGID, __HAS_MSGID, __SANE_MSGID, __FW_1LN_BOT_MSGID, __HAS_FROM, __USER_AGENT, __MOZILLA_USER_AGENT, __MIME_VERSION, __TO_MALFORMED_2, __TO_NO_NAME, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __SUBJ_ALPHA_END, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __ANY_URI, __URI_NO_MAILTO, __URI_NO_WWW, __URI_NO_PATH, __SUBJ_ALPHA_NEGATE, __FORWARDED_MSG, BODYTEXTP_SIZE_3000_LESS, BODY_SIZE_1800_1899, __MIME_TEXT_ONLY, HTML_00_01, HTML_00_10, BODY_SIZE_5000_LESS, BODY_SIZE_2000_LESS, BODY_SIZE_7000_LESS X-CTCH-Spam: Unknown Received: from [192.168.1.72] (86.174.32.243) by smtpout06.bt.lon5.cpcloud.co.uk (8.6.100.99.10223) (authenticated as jonturney@btinternet.com) id 52F0E43800D41049 for cygwin@cygwin.com; Mon, 17 Feb 2014 17:25:08 +0000 Message-ID: <53024604.3080904@dronecode.org.uk> Date: Tue, 18 Feb 2014 03:53:00 -0000 From: Jon TURNEY User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: Patch for run-1.3.0-1 core dump References: <5208EF91.7070504@cwilson.fastmail.fm> In-Reply-To: <5208EF91.7070504@cwilson.fastmail.fm> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-SW-Source: 2014-02/txt/msg00454.txt.bz2 On 12/08/2013 15:22, Charles Wilson wrote: > On 8/10/2013 1:34 PM, foo wrote: >> Whenever I execute run.exe, it generates run.exe.stackdump. >> >> At line 370 in run.c, run2_freeargv() tries to free newargv, and >> run2_freeqrgv() expects that newargv is terminated by NULL. However, >> in shifting newargv at line 253-256, it fails to shift NULL >> terminator. Therefore, run2_freeargv() frees memory illegally. >> The following patch is a workaround. >> >> --- run.c.old >> +++ run.c.new >> @@ -252,7 +252,7 @@ >> newargv = run2_dupargv (argv); >> /* discard newargv[0] and shift up */ >> free (newargv[0]); >> - for (newargc = 1; newargc < argc; newargc++) >> + for (newargc = 1; newargv[newargc-1] != NULL; newargc++) >> newargv[newargc-1] = newargv[newargc]; >> newargc = argc - 1; > > Thanks for the bug report and the patch. I'll investigate and update the > package soon. Since I've been running with CYGWIN error_start always set at the moment, I've noticed that run is always crashing after launching the process. I went to all the trouble of investigating this, discovering that run2_freeargv() is double-freeing the last element in newargv because the NULL terminator isn't moved when the arguments are shifted down over newargv[0], and writing a patch, before I noticed that we already had one :-( --- origsrc/run-1.3.0/src/run.c 2013-07-24 16:26:39.000000000 +0100 +++ src/run-1.3.0/src/run.c 2014-02-17 17:08:49.125000000 +0000 @@ -254,6 +254,7 @@ realMain(int argc, char* argv[]) free (newargv[0]); for (newargc = 1; newargc < argc; newargc++) newargv[newargc-1] = newargv[newargc]; + newargv[argc-1] = 0; newargc = argc - 1; /* update execname */ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple