Bug 4664 - Infinite loop on files > 2Gb
Alias: None
Product: rsync
Classification: Unclassified
Component: core
Version: 2.6.9
Hardware: Other Windows XP
Importance: P3 normal
Target Milestone: ---
Assignee: Wayne Davison
QA Contact: Rsync QA Contact
Depends on:
Reported: 2007-05-27 09:17 UTC by Steven Hartland
Modified: 2010-08-21 15:53 UTC

Description Steven Hartland 2007-05-27 09:17:19 UTC
I'm using rsync to sync DB files from a FreeBSD box to a Windows XP box under Interix. Until today everything was fine, but now as soon as the Windows box hits one file which is now greater than 2Gb it goes into an infinite loop in generator.c:sum_sizes_sqroot.

The code at fault seems to be:
for (l = len; l >>= 1; b += 2) {}

Here's the stack:
#0  0x00402ae3 in sum_sizes_sqroot (sum=0x8bf530, len=-2073107852) at generator.c:455
#1  0x00402c56 in generate_and_send_sums (fd=5, len=-2073107852, f_out=4, f_copy=-1) at generator.c:490
#2  0x00405035 in recv_generator (fname=0x8bfc40 "gf_profile_file.MYD", file=0x1788f8, ndx=517, itemizing=1, maybe_ATTRS_REPORT=1, code=FLOG, f_out=4) at generator.c:1338
#3  0x00405400 in generate_files (f_out=4, flist=0x144ac0, local_name=0x0) at generator.c:1420
#4  0x0040f32c in do_recv (f_in=5, f_out=4, flist=0x144ac0, local_name=0x0) at main.c:764
#5  0x0040fa5e in client_run (f_in=5, f_out=4, pid=1713, argc=1, argv=0x12461c) at main.c:1003
#6  0x0040ffb7 in start_client (argc=1, argv=0x12461c) at main.c:1171
#7  0x004104d3 in main (argc=2, argv=0x124618) at main.c:1381

Here's the locals:
c = 2147026704
l = -1
b = 262474876
len = -2073107852
blength = 700
s2length = 9174100

As we can see, l is -1, which I believe is the issue. I can understand it not being able to deal with the given file given the 32-bit file size restrictions, but I'm sure an infinite loop is not the best result, so any advice would be appreciated.
Comment 1 Wayne Davison 2010-08-21 15:53:39 UTC
I'm committing a fix that checks if the size is negative, and returns an error.  This avoids the infinite loop.
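
The mechanism in this report, as an added example (not rsync's code and not the committed fix): a size just over 2 GiB wraps to the negative len seen in frame #0, the quoted loop then settles at l = -1 and never reaches 0, and a negative-size check ends it. The iteration cap, the starting value of b, the error code and the function names are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define ITER_CAP 1000  /* hypothetical cap so the demo cannot hang */

/* A file size stored in a signed 32-bit integer. Converting an
 * out-of-range value is implementation-defined; gcc and clang wrap
 * modulo 2^32. */
static int32_t wrap_to_int32(int64_t size)
{
    return (int32_t)size;
}

/* The loop quoted in the report, plus the cap. Returns the final b, or
 * -1 if the cap is hit. Right-shifting a negative value is
 * implementation-defined; with an arithmetic shift (gcc, clang) l
 * settles at -1, and -1 >> 1 is still -1, so the condition stays true. */
static int reported_loop(int32_t len)
{
    int32_t l;
    int b = 0, n = 0;  /* starting b at 0 is an assumption */

    for (l = len; l >>= 1; b += 2) {
        if (++n > ITER_CAP)
            return -1;
    }
    return b;
}

/* Guarded variant in the spirit of comment 1: a negative size is
 * rejected before the loop runs. -2 is a hypothetical error code. */
static int guarded_loop(int32_t len)
{
    if (len < 0)
        return -2;
    return reported_loop(len);
}

int main(void)
{
    /* Constructed input: the 64-bit size that wraps to the len in frame #0. */
    int32_t len = wrap_to_int32(2221859444LL);

    printf("len=%d reported=%d guarded=%d\n",
           (int)len, reported_loop(len), guarded_loop(len));
    printf("1 GiB file: b=%d\n", guarded_loop(1 << 30));
    return 0;
}
```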