tests: trigger the sort -u free-memory-read bug

* tests/misc/sort-u-FMR: New file.
* tests/Makefile.am (TESTS): Add it.
* tests/misc/sort: Add the test here, too.
* NEWS (Bug fixes): Mention it.

diff --git a/NEWS b/NEWS
index f39a76ae68d6f0dd12af56febbebb42f983b4c77..1737235d073847e69219df7559cf8c489a083545 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,11 @@ GNU coreutils NEWS                                    -*- outline -*-
   (yes 7 | head -11; echo 1) | sort --p=1 -S32b -u
   [bug introduced in coreutils-8.6]
 
+  sort -u could read freed memory.
+  For example, this evokes a read from freed memory:
+  perl -le 'print "a\n"."0"x900'|valgrind sort --p=1 -S32b -u>/dev/null
+  [bug introduced in coreutils-8.6]
+
 ** New features
 
   rm now accepts the --dir (-d) option which makes it remove empty directories.

diff --git a/gnulib b/gnulib
index 39cedf6f427350ac47118d231c05a7b73b609f89..bc33a8a0c77285b2bdb5c5d0a4243f7b442a0293 160000 (submodule)
--- a/gnulib
+++ b/gnulib
@@ -1 +1 @@
-Subproject commit 39cedf6f427350ac47118d231c05a7b73b609f89
+Subproject commit bc33a8a0c77285b2bdb5c5d0a4243f7b442a0293

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 09d2658e789252cac8e3845311f46ed44914b94a..69078bdd299ac5720b5d747d840300c6ec0ebe12 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -260,6 +260,7 @@ TESTS =                                             \
   misc/sort-unique-segv                                \
   misc/sort-version                            \
   misc/sort-NaN-infloop                                \
+  misc/sort-u-FMR                              \
   split/filter                                 \
   split/suffix-auto-length                     \
   split/suffix-length                          \

diff --git a/tests/misc/sort b/tests/misc/sort
index 4e5116155a50efdd750262e6da61eed41e220bc5..10d1e5fbd9fc5cf79661be2764cd046cfc9f0c8a 100755 (executable)
--- a/tests/misc/sort
+++ b/tests/misc/sort
@@ -237,6 +237,10 @@ my @Tests =
   {IN=>"a 7\n"x10 . "b 1\n"}, {OUT=>"b 1\na 7\n"}],
 ["unique-key-x86_64", '-u -k2,2 --p=1 -S32b',
   {IN=>"a 7\n"x11 . "b 1\n"}, {OUT=>"b 1\na 7\n"}],
+# Before 8.19, this would trigger a free-memory read.
+["unique-free-mem-read", '-u --p=1 -S32b',
+  {IN=>"a\n"."b"x900 ."\n"},
+ {OUT=>"a\n"."b"x900 ."\n"}],
 
 # From Erick Branderhorst -- fixed around 1.19e
 ["16a", '-f',

diff --git a/tests/misc/sort-u-FMR b/tests/misc/sort-u-FMR
new file mode 100755 (executable)
index 0000000..303b429
--- /dev/null
+++ b/tests/misc/sort-u-FMR
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Before 8.19, this would trigger a free-memory read.
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ sort
+require_valgrind_
+
+{ echo 0; printf '%0900d\n' 1; } > in || framework_failure_
+
+valgrind --error-exitcode=1 sort --p=1 -S32b -u in > out || fail=1
+
+compare in out || fail=1
+
+Exit $fail