| commit | 57ee5493d996b69a02d367829d579729e8b20eaf | |
| author | Jim Meyering <meyering@redhat.com> | |
| Tue, 27 Sep 2011 14:32:35 +0000 (27 16:32 +0200) | ||
| committer | Jim Meyering <meyering@redhat.com> | |
| Tue, 27 Sep 2011 14:49:51 +0000 (27 16:49 +0200) | ||
| tree | d529aabd8f561ba816e3da9f2cef70078eec1eca | treesnapshot (tar.gz zip) |
| parent | 1d0a7ed7d58cfcc2f44959fed431e7276bdf1d46 | commitdiff |
sort: avoid a NaN-induced infloop
These commands would fail to terminate:
yes -- -nan | head -156903 | sort -g > /dev/null
echo nan > F; sort -m -g F F
That can happen with any strtold implementation that includes
uninitialized data in its return value. The problem arises in the
mergefps function when bubble-sorting the two or more lines, each
from one of the input streams being merged: compare(a,b) returns 64,
yet compare(b,a) also returns a positive value. With a broken
comparison function like that, the bubble sort never terminates.
Why do the long-double bit strings corresponding to two identical
"nan" strings not compare equal? Because some parts of the result
are uninitialized and thus depend on the state of the stack.
For more details, see http://bugs.gnu.org/9612.
* src/sort.c (nan_compare): New function.
(general_numcompare): Use it rather than bare memcmp.
Reported by Aaron Denney in http://bugs.debian.org/642557.
* NEWS (Bug fixes): Mention it.
* tests/misc/sort-NaN-infloop: New file.
* tests/Makefile.am (TESTS): Add it.
These commands would fail to terminate:
yes -- -nan | head -156903 | sort -g > /dev/null
echo nan > F; sort -m -g F F
That can happen with any strtold implementation that includes
uninitialized data in its return value. The problem arises in the
mergefps function when bubble-sorting the two or more lines, each
from one of the input streams being merged: compare(a,b) returns 64,
yet compare(b,a) also returns a positive value. With a broken
comparison function like that, the bubble sort never terminates.
Why do the long-double bit strings corresponding to two identical
"nan" strings not compare equal? Because some parts of the result
are uninitialized and thus depend on the state of the stack.
For more details, see http://bugs.gnu.org/9612.
* src/sort.c (nan_compare): New function.
(general_numcompare): Use it rather than bare memcmp.
Reported by Aaron Denney in http://bugs.debian.org/642557.
* NEWS (Bug fixes): Mention it.
* tests/misc/sort-NaN-infloop: New file.
* tests/Makefile.am (TESTS): Add it.
| NEWS | diffblobblamehistory | |
| src/sort.c | diffblobblamehistory | |
| tests/Makefile.am | diffblobblamehistory | |
| tests/misc/sort-NaN-infloop | [new file with mode: 0755] | blob |