vbindiff
vbindiff copied to clipboard
madsen
Segfault when attempting to compare with empty file (size = 0)
vbindiff segfaults when comparing a file of non-zero size to a file of zero size. While obviously a ridiculous thing to do, I just happened to attempt it by accident after a file transfer failed, leaving me with an empty file.
I've reproduced this @ 57868acae88f5c089ff31328d72aab65e89962fb. Unless someone beats me to it, I'll try to be a good neighbor and track this down, updating this issue with more information or a patch. (I might get a chance to look at it Thur/Fri this week....)
Works:
$ dd if=/dev/urandom of=test1.bin count=2
$ dd if=/dev/urandom of=test2.bin count=2
$ vbindiff test1.bin test2.bin
Failure, Segfault
$ rm test2.bin
$ touch test2.bin
$ vbindiff test1.bin test2.bin
FWIW, it appears that things eventually grind to a halt in ConWindow::putAttribs, originating the file2.display() in vbindiff.c.
Program received signal SIGSEGV, Segmentation fault.
ConWindow::putAttribs (this=0x200000000060a728, x=11, y=1, color=cFileDiff, count=2) at curses/ConWin.cpp:200
200 mvwchgat(win, y, x, count, attribStyle[color], colorStyle[color], NULL);
(gdb) bt
#0 ConWindow::putAttribs (this=0x200000000060a728, x=11, y=1, color=cFileDiff, count=2) at curses/ConWin.cpp:200
#1 0x0000000000402f51 in FileDisplay::display (this=this@entry=0x60a600 <file2>) at vbindiff.cpp:497
#2 0x0000000000402568 in main (argc=3, argv=0x7fffffffe498) at vbindiff.cpp:1863
Note that ''this'' looks a little clobbered here, in an interesting way. (Saw a few sprintf's on the way down the call stack...is that a space character that got written over that pointer?)
I'm hoping to take a closer look soon...while I was tempted to suggest a band-aid patch with a quick size check and error message, I think I'll mull it over to see if there's something a little...cleaner?
This is obviously a very old issue. Was this fixed? I just did the exact same thing and can not reproduce the issue.
VBinDiff 3.0_beta5
