"cut -f 2- A B" no longer triggers a double-free bug

* src/cut.c (cut_fields): Set file-scoped global to NULL after
freeing it.  This avoids a double-free (and core dump on some systems)
for this usage: "echo 1>a; echo 2>b; cut -f2- a b".  Reported by
James Hunt in <http://bugzilla.redhat.com/220312>.
* NEWS: List this bug fix.
* THANKS: Mention him.
* tests/misc/cut: New file.
* tests/misc/Makefile.am (TESTS): Add cut.

ChangeLog

@@ -1,3 +1,15 @@
+2006-12-20  Jim Meyering  <jim@meyering.net>
+
+	"cut -f 2- A B" no longer triggers a double-free bug
+	* src/cut.c (cut_fields): Set file-scoped global to NULL after
+	freeing it.  This avoids a double-free (and core dump on some systems)
+	for this usage: "echo 1>a; echo 2>b; cut -f2- a b".  Reported by
+	James Hunt in <http://bugzilla.redhat.com/220312>.
+	* NEWS: List this bug fix.
+	* THANKS: Mention him.
+	* tests/misc/cut: New file.
+	* tests/misc/Makefile.am (TESTS): Add cut.
+
 2006-12-15  Jim Meyering  <jim@meyering.net>
 
 	* tests/cp/open-perm-race: Correct the gdb-existence check.

NEWS

@@ -10,6 +10,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   chmod no longer fails in an environment (e.g., a chroot) with openat
   support but with insufficient /proc support.
 
+  cut no longer dumps core for usage like "cut -f2- f1 f2" with two or
+  more file arguments.  This was due to a double-free bug, introduced
+  in coreutils-5.3.0.
+
 * Noteworthy changes in release 6.7 (2006-12-08) [stable]
 
 ** Bug fixes

THANKS

@@ -208,6 +208,7 @@ Ivo Timmermans                      ivo@debian.org
 James                               james@albion.glarp.com
 James Antill                        jmanti%essex.ac.uk@seralph21.essex.ac.uk
 James Lemley                        James.Lemley@acxiom.com
+James Hunt                          jamesodhunt@hotmail.com
 James Sneeringer                    jvs@ocslink.com
 James Tanis                         jtt@soscorp.com
 James Youngman                      james+usenet@free-lunch.demon.co.uk

src/cut.c

@@ -606,6 +606,7 @@ cut_fields (FILE *stream)
 	  if (len < 0)
 	    {
 	      free (field_1_buffer);
+	      field_1_buffer = NULL;
 	      if (ferror (stream) || feof (stream))
 		break;
 	      xalloc_die ();

tests/misc/Makefile.am

@@ -36,6 +36,7 @@ TESTS_ENVIRONMENT = \
 # will execute the test script rather than the standard utility.
 
 TESTS = \
+  cut \
   wc-files0-from \
   wc-files0 \
   cat-proc \

tests/misc/cut

@@ -0,0 +1,51 @@
+#!/bin/sh
+# Test "cut".                                                   -*- perl -*-
+
+# Copyright (C) 2006 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+: ${PERL=perl}
+: ${srcdir=.}
+
+$PERL -e 1 > /dev/null 2>&1 || {
+  echo 1>&2 "$0: configure didn't find a usable version of Perl," \
+    "so can't run this test"
+  exit 77
+}
+
+exec $PERL -w -I$srcdir/.. -MCoreutils -- - <<\EOF
+require 5.003;
+use strict;
+
+(my $ME = $0) =~ s|.*/||;
+
+# Turn off localisation of executable's ouput.
+@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+
+my @Tests =
+  (
+  # Provoke a double-free in cut from coreutils-6.7.
+  ['dbl-free', '-f2-', {IN=>{f=>'x'}}, {IN=>{g=>'y'}}, {OUT=>"x\ny\n"}],
+  );
+
+my $save_temps = $ENV{DEBUG};
+my $verbose = $ENV{VERBOSE};
+
+my $prog = 'cut';
+my $fail = run_tests ($ME, $prog, \@Tests, $save_temps, $verbose);
+exit $fail;
+EOF