From: boehm.igor@gmail.com
Message-ID: <8ABC6FF5D8A3DFFF93D6366A92456023@gmail.com>
To: 9front@9front.org
CC: boehm.igor@gmail.com
Date: Fri, 05 Feb 2021 15:23:51 +0100
Subject: [9front] cmd/acme: fix suicide *and* resource leak in ecmd.c (patch)
Reply-To: 9front@9front.org

Here is a patch (second attempt) that fixes a (1) suicide and (2) memory leak in acme/ecmd.c (full explanation with reproducible test instructions below):

diff -r d9e940a768d1 sys/src/cmd/acme/ecmd.c --- a/sys/src/cmd/acme/ecmd.c Mon Oct 19 01:20:29 2020 +0200 +++ b/sys/src/cmd/acme/ecmd.c Fri Feb 05 14:18:06 2021 +0100 @@ -132,11 +132,11 @@ { File *f; - f = w->body.file; switch(editing){ case Inactive: return "permission denied"; case Inserting: + f = w->body.file; eloginsert(f, q, r, nr); return nil; case Collecting: 
@@ -157,11 +157,13 @@ if(nr == 0) return nil; r = skipbl(r, nr, &nr); - if(r[0] != '<') - return runestrdup(r); - /* use < command to collect text */ clearcollection(); - runpipe(t, '<', r+1, nr-1, Collecting); + if(r[0] != '<'){ + if((collection = runestrdup(r)) != nil) + ncollection += runestrlen(r); + }else + /* use < command to collect text */ + runpipe(t, '<', r+1, nr-1, Collecting); return collection; }

To reproduce the suicide issue try running the following in acme:

• 'Edit B

cpu% broke
echo kill>/proc/333310/ctl # acme
cpu% acid 333310
/proc/333310/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: lstk()
edittext(nr=0x31,q=0x0,r=0x45aa10)+0x8 /sys/src/cmd/acme/ecmd.c:135
xfidwrite(x=0x461230)+0x28a /sys/src/cmd/acme/xfid.c:479
	w=0x0
	qid=0x5
	fc=0x461390
	t=0x1
	nr=0x100000031
	r=0x45aa10
	eval=0x3100000000
	a=0x405621
	nb=0x500000001
	err=0x419310
	q0=0x100000000
	tq0=0x80
	tq1=0x8000000000
	buf=0x41e8d800000000
xfidctl(arg=0x461230)+0x35 /sys/src/cmd/acme/xfid.c:52
	x=0x461230
launcheramd64(arg=0x461230,f=0x22357e)+0x10 /sys/src/libthread/amd64.c:11
0xfefefefefefefefe ?file?:0

The suicide issue is caused by the following chain of events:

• /sys/src/cmd/acme/ecmd.c:/^edittext is called at /sys/src/cmd/acme/xfid.c:479 passing nil as its first parameter:

	...
	case QWeditout:
		r = fullrunewrite(x, &nr);
		if(w)
			err = edittext(w, w->wrselrange.q1, r, nr);
		else
			err = edittext(nil, 0, r, nr);
			^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	...

...and /sys/src/cmd/acme/ecmd.c:/^edittext merrily dereferences the first parameter that is *nil* at the first statement:

	char*
	edittext(Window *w, int q, Rune *r, int nr)
	{
		File *f;

		f = w->body.file;
		^^^^^^^^^^^^^^^^^^^^^ THIS BLOWS UP IF w IS nil
		switch(editing){
		...

Moving the dereference of 'w' into the case where it is actually needed (see above patch) fixes the suicide bug.

The memory leak is fixed properly in this second patch attempt, namely in /sys/src/cmd/acme/ecmd.c:/^filelist.
The current implementation of filelist(...) breaks the contract with its caller, thereby leading to a memory leak in /sys/src/cmd/acme/ecmd.c:/^B_cmd and /sys/src/cmd/acme/ecmd.c:/^D_cmd. The contract /sys/src/cmd/acme/ecmd.c:/^filelist seems to have with its callers is that in case of success it fills up a 'collection' variable that callers can then clear with a call to clearcollection(...). The fix above honours this contract and thereby removes the leak without requiring the weird check and free in B_cmd and D_cmd I had earlier.

After you apply the patch the following two tests should succeed:

• Execute by select and middle click in a Tag: 'Edit B lib/profile'
• Execute by select and middle click in a Tag: 'Edit B
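
Review bot: In the first hunk (edittext), the moved `f = w->body.file;` under `case Inserting:` still dereferences w with no nil check, and the QWeditout caller quoted in the message calls `edittext(nil, 0, r, nr)` whenever it has no window. The move is safe only if editing can never be Inserting on that path, so either state that invariant in a comment or guard the arm and return an error string when w is nil. With a single use left, the local could also be dropped in favour of `eloginsert(w->body.file, q, r, nr);`.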
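
Review bot: In the second hunk (filelist), `ncollection += runestrlen(r);` runs directly after `clearcollection();`, so the `+=` is correct only if clearcollection() resets ncollection to zero; a plain assignment would say what is meant without relying on that. The `else` arm carries a comment between `else` and its single unbraced statement while the `if` arm is braced, and bracing both would make the pairing obvious. When runestrdup() fails the function returns nil, the same value as the `nr == 0` return in the context lines, so callers cannot tell an allocation failure from an empty list.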
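
The ownership contract described in the message, modelled as an added example (not code from acme or from the patch author). `char` stands in for `Rune`, and the bodies of `clearcollection`, `xstrdup`, `leaked_after_call` and the `live` allocation counter are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: names mirror the page, bodies are assumptions. */
static char *collection;
static size_t ncollection;
static int live;                     /* heap blocks not yet freed */

static char *xstrdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); live++; }
    return p;
}

static void clearcollection(void) {
    if (collection != NULL) { free(collection); live--; }
    collection = NULL;
    ncollection = 0;
}

/* Before: the literal-list path hands back a block 'collection' never owns. */
static char *filelist_before(const char *r) {
    if (*r == '\0') return NULL;
    clearcollection();
    return xstrdup(r);
}

/* After: the block is stored in 'collection', so clearcollection() frees it. */
static char *filelist_after(const char *r) {
    if (*r == '\0') return NULL;
    clearcollection();
    if ((collection = xstrdup(r)) != NULL)
        ncollection = strlen(r);
    return collection;
}

/* Caller in the style the message describes for B_cmd/D_cmd:
 * take the list, use it, then rely on clearcollection() to release it.
 * Returns the number of blocks still allocated after the call. */
static int leaked_after_call(char *(*filelist)(const char *), const char *arg) {
    int before = live;
    char *list = filelist(arg);
    (void)list;                      /* a real caller would walk the names */
    clearcollection();
    return live - before;
}

int main(void) {
    return leaked_after_call(filelist_after, "lib/profile");
}
```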