Control: severity -1 grave

On Tue, 25 Jul 2023 at 15:21:47 -0500, David Starner wrote:
> prosfilaes@asimov:~/temp/temp2/temp/temp2$ for i in `seq 1 100`; do
> touch $i; done
> prosfilaes@asimov:~/temp/temp2/temp/temp2$ mmv "*0" "#1"
> realloc(): invalid pointer
> Aborted

This appears to be a regression since bookworm's version 2.3, and is
causing FTBFS in nbsdgames (which makes a relatively simple use of mmv).

With valgrind:

==402021== Invalid free() / delete / delete[] / realloc()
==402021==    at 0x484582F: realloc (vg_replace_malloc.c:1437)
==402021==    by 0x10F608: xreallocarray (xmalloc.c:84)
==402021==    by 0x10F608: x2nrealloc (xmalloc.c:203)
==402021==    by 0x10C5CF: takedir (mmv.c:676)
==402021==    by 0x10C5CF: checkdir (mmv.c:736)
==402021==    by 0x10D3C6: dostage (mmv.c:1024)
==402021==    by 0x10B93C: matchpat (mmv.c:1259)
==402021==    by 0x10B93C: domatch (mmv.c:1278)
==402021==    by 0x10B93C: main (mmv.c:1749)
==402021==  Address 0x4ed8e40 is in a rw- anonymous segment
==402021==
mmv: memory exhausted

An even simpler reproducer is:

    touch `seq 1 9`
    mmv '*' '#1'

It crashes when there are 9 files, but not when there are only 8. I think
this is because INITROOM is 10, so there is enough space initially
allocated for files 1-8 + '.' + '..', but a 9th file needs a realloc().

I think this is happening because mmv overrides malloc, realloc, etc.
to be GC_malloc, GC_realloc, etc. using #define, but then x2nrealloc()
calls the original reallocarray() from glibc, which is not overridden.

    smcv
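The diagnosis proposed in the message above, modelled as an added example (not mmv's or gnulib's code): an array obtained from the collector's allocator is full once `.`, `..` and 8 files occupy its INITROOM slots, and the 9th file forces a grow through a helper that may belong to a different allocator. The toy arena, `toy_gc_malloc`, `toy_gc_realloc`, `in_arena` and `take_entries` are hypothetical stand-ins; the mismatched path returns -1 instead of actually passing the pointer to glibc.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define INITROOM 10   /* initial slot count named in the message */

/* Toy bump allocator standing in for GC_malloc/GC_realloc (assumption). */
static _Alignas(16) unsigned char arena[1 << 16];
static size_t arena_used;

static int in_arena(const void *p) {
    uintptr_t a = (uintptr_t)arena, q = (uintptr_t)p;
    return q >= a && q < a + sizeof arena;
}

static void *toy_gc_malloc(size_t n) {
    n = (n + 15) & ~(size_t)15;               /* keep 16-byte alignment */
    if (n > sizeof arena - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

static void *toy_gc_realloc(void *old, size_t old_n, size_t new_n) {
    void *p = toy_gc_malloc(new_n);
    if (p && old) memcpy(p, old, old_n < new_n ? old_n : new_n);
    return p;
}

/* Stores "." and ".." plus nfiles entries. Returns the count stored, -1 at
 * the point where a collector-owned array would reach libc's realloc family
 * (where glibc aborts), or -2 if the toy arena runs out. */
static int take_entries(int nfiles, int helper_uses_gc) {
    size_t room = INITROOM, used = 0;
    int *slots = toy_gc_malloc(room * sizeof *slots);  /* caller: macro applied */
    if (!slots) return -2;
    for (int i = 0; i < nfiles + 2; i++) {
        if (used == room) {                            /* array full: must grow */
            if (!helper_uses_gc && in_arena(slots))
                return -1;                             /* allocator mismatch */
            int *bigger = toy_gc_realloc(slots, room * sizeof *slots,
                                         2 * room * sizeof *slots);
            if (!bigger) return -2;
            slots = bigger;
            room *= 2;
        }
        slots[used++] = i;
    }
    return (int)used;
}
```
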
