Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 6/7/83; site hao.UUCP
Path: utzoo!linus!decvax!harpo!seismo!hao!pag
From: pag@hao.UUCP (Peter Gross)
Newsgroups: net.news.b
Subject: Bug fixes for expire infinite loop
Message-ID: <858@hao.UUCP>
Date: Wed, 15-Feb-84 14:05:54 EST
Article-I.D.: hao.858
Posted: Wed Feb 15 14:05:54 1984
Date-Received: Thu, 16-Feb-84 05:59:42 EST
Organization: High Altitude Obs./NCAR, Boulder CO
Lines: 106

The expire infinite loop bug was caused by two separate problems.
The problem likely only shows up on PDP-11/70's, but could eventually
occur on any non-virtual memory UNIX, as a segmentation violation.

1.  In header.c, hread() didn't check the return value of malloc()
    when it dynamically allocated memory for "unrecognized" header
    fields.  Normally this would cause a segmentation violation when
    the NULL pointer was used as a store address.  But because it was
    used as an argument to strcpy(), nothing (noticeable) happened.
    Try it, campers: strcpy(NULL, "any old string") does not cause a
    SIGSEGV (at least on PDP-11/70's when compiled sep i/d)!

2.  In expire the code reads through the existing history file,
    processing lines one at a time, checking for expiration, removing
    expired articles, remaking a new history file and associated dbm
    files.  Well, as time goes on, the cumulative effect of doing
    hread()'s on articles with unrecognized header lines eventually
    uses up all the free memory.  But hread() keeps on doing its
    strcpy(h.unrec[blotto],).  This drives everything bonzo ....
    expire blows its cookies, store() stops working, and somehow the
    article which couldn't malloc() any more memory starts looping in
    the nhistory file.  Ouch!

Here are the fixes, first to header.c and second to expire.c: *** header.orig.c Wed Feb 15 11:48:56 1984 --- header.c Wed Feb 15 11:47:48 1984 *************** *** 213,218 case OTHER: if (unreccnt < NUNREC) { hp->unrec[unreccnt] = malloc(strlen(bfr) + 1); strcpy(hp->unrec[unreccnt], bfr); unreccnt++; } --- 215,222 ----- case OTHER: if (unreccnt < NUNREC) { hp->unrec[unreccnt] = malloc(strlen(bfr) + 1); + if(hp->unrec[unreccnt] == (char *) NULL) + xerror("frmread out of memory\n"); strcpy(hp->unrec[unreccnt], bfr); unreccnt++; } *** expire.orig.c Wed Feb 15 11:49:29 1984 --- expire.c Wed Feb 15 11:47:46 1984 *************** *** 211,216 ohfd = xfopen(ARTFILE, "r"); nhfd = xfopen(NARTFILE, "w"); } while (TRUE) { if (nohistory) { --- 214,221 ----- ohfd = xfopen(ARTFILE, "r"); nhfd = xfopen(NARTFILE, "w"); } + for(i=0;i
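
Review bot: In the header.c hunk, the new NULL check in `case OTHER:` protects the following `strcpy(hp->unrec[unreccnt], bfr)` only if `xerror()` never returns, because the copy is still unconditional. If that is guaranteed, a one-line comment saying so would help the next reader; otherwise move the `strcpy()` and `unreccnt++` into an `else`. The error text says "frmread" while the description above attributes the bug to hread(), so it is worth confirming the message names the function someone debugging will look for. The `if(` could also match the spacing of the surrounding `if (unreccnt < NUNREC)`.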
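
The two problems described in the message, as an added example that is not part of the original post or of the news software: a checked copy of an unrecognized header line, and a scan over many articles with and without releasing the previous article's copies. The names struct hdr, pool_alloc, pool_free, add_unrec, release_unrec and scan are hypothetical, the value of NUNREC is assumed, and a small fixed pool stands in for the limited memory of a non-virtual-memory machine.

```c
#include <stdio.h>
#include <string.h>
#define NUNREC 4      /* name from the patch; value assumed */
#define POOL_SLOTS 8  /* constructed: tiny fixed heap standing in for a non-VM machine */
#define SLOT_SIZE 64
struct hdr { char *unrec[NUNREC]; int unreccnt; };  /* hypothetical header struct */

static char pool[POOL_SLOTS][SLOT_SIZE];
static int pool_used[POOL_SLOTS];

/* Like malloc(): returns NULL once every slot is taken. */
static char *pool_alloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool_used[i]) { pool_used[i] = 1; return pool[i]; }
    return NULL;
}
static void pool_free(char *p) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (p == pool[i]) pool_used[i] = 0;
}
/* Checked copy of one unrecognized line: 0 = stored (or table full), -1 = no memory. */
static int add_unrec(struct hdr *hp, const char *line) {
    if (hp->unreccnt >= NUNREC) return 0;
    char *p = pool_alloc(strlen(line) + 1);
    if (p == NULL) return -1;          /* never hand NULL to strcpy() */
    strcpy(p, line);
    hp->unrec[hp->unreccnt++] = p;
    return 0;
}
static void release_unrec(struct hdr *hp) {
    while (hp->unreccnt > 0) pool_free(hp->unrec[--hp->unreccnt]);
}
/* Read n constructed articles; returns how many were read before allocation failed. */
static int scan(int n, int release_each) {
    struct hdr h;
    int a;
    memset(pool_used, 0, sizeof pool_used);
    memset(&h, 0, sizeof h);
    for (a = 0; a < n; a++) {
        if (release_each) release_unrec(&h);
        else h.unreccnt = 0;           /* previous article's copies are orphaned */
        if (add_unrec(&h, "X-Constructed-A: 1") || add_unrec(&h, "X-Constructed-B: 2")) break;
    }
    return a;
}
int main(void) {
    printf("release each: %d, no release: %d\n", scan(1000, 1), scan(1000, 0));
    return 0;
}
```

Without the per-article release the pool is exhausted after POOL_SLOTS / 2 articles, and the checked copy reports the failure to the caller instead of passing NULL to strcpy().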