Segmentation fault on lines > RECSIZE using --csv

Question

Segmentation fault on lines > RECSIZE using --csv

nicolagi opened this issue 4 months ago · 5 comments

Hi, on my system

Linux wes 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux

awk segfaults on lines >RECSIZE (i.e., 8192) bytes. (To work around that, I defined a bigger RECSIZE.) IIUC, valgrind reports a read of freed memory:

% valgrind ./a.out --csv 0 <longlines
...
==978231== Command: ./a.out --csv 0
==978231== 
==978231== Invalid read of size 1
==978231==    at 0x1190C9: is_valid_number (lib.c:888)
==978231==    by 0x116A98: getrec (lib.c:190)
==978231==    by 0x1197B0: program (run.c:197)
==978231==    by 0x1195F7: execute (run.c:166)
==978231==    by 0x1194BB: run (run.c:141)
==978231==    by 0x113628: main (main.c:257)
==978231==  Address 0x4b2e4f0 is 0 bytes inside a block of size 8,192 free'd
==978231==    at 0x484582F: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==978231==    by 0x1193F5: adjbuf (run.c:122)
==978231==    by 0x117122: readcsvrec (lib.c:317)
==978231==    by 0x116CB8: readrec (lib.c:234)
==978231==    by 0x1169DD: getrec (lib.c:179)
==978231==    by 0x1197B0: program (run.c:197)
==978231==    by 0x1195F7: execute (run.c:166)
==978231==    by 0x1194BB: run (run.c:141)
==978231==    by 0x113628: main (main.c:257)
==978231==  Block was alloc'd at
==978231==    at 0x48407B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==978231==    by 0x116372: recinit (lib.c:67)
==978231==    by 0x113534: main (main.c:238)
...

Answer 1 · 2024-07-26T15:57:35.000Z

interesting. sorry, can't reproduce this anywhere I typically test awk. [ubuntu/mint 22, mac os x, freebsd 14.1]

./a.out '{print NR ":", length($0), NF }' verylonglines.txt 
1: 13771 1279
2: 27541 2557
3: 41311 3835
4: 41311 3835
5: 13771 1279
6: 13771 1279
7: 62461 1

Answer 2 · 2024-07-26T18:24:05.000Z

@plan9 Your example made me realize that I only get the segfault with --csv. So, awk --csv 1 <longlines would give me segfault, but not awk 1 <longlines.

Answer 3 · 2024-07-26T20:17:35.000Z

I replaced my unhelpful diff at the top (it only worked because I forgot a call to free 🙈) with valgrind's output, which I installed for the occasion; hopefully that helps. Apologies for omitting that I was using CSV, at first.

Answer 4 · 2024-07-27T04:15:59.000Z

thanks for spotting this.

Answer 5 · 2024-07-28T03:56:02.000Z

hi Nicola, found the bug. will release a fixed version in a day or two.