On Fri, Aug 12, 2016 at 9:35 AM, Jim Meyering wrote:
> On Fri, Aug 12, 2016 at 7:22 AM, Bastian Beischer
> wrote:
>> Hello,
>>
>> Please try to run diff3 from diffutils 3.4 as follows:
>>
>> echo a > a.txt
>> echo b > b.txt
>> echo c > c.txt
>> diff3 a.txt b.txt c.txt
...
>> There was only one commit in src/diff3.c between 3.3 and 3.4:
>>
>> http://git.savannah.gnu.org/cgit/diffutils.git/commit/src?id=3b74a905c5460e7979c53273ac90345860d001a7
>>
>> Reverting this commit fixes the issue.
>
> Yikes.
> Thank you for the report.
> I confirm that that patch is erroneous, and will prepare a complete
> fix (adding your test and a NEWS entry) shortly.
> Looks like diffutils-3.5 will have to be released pretty soon.

I've reverted that, added your test case and updated NEWS with a
commit in your name. Please review that first commit, in the attached.

  diff3: fix heap use-after-free; add minimal diff3 test coverage

I have also made two other changes:

  maint: require that commit messages be of a certain form
  diff3: fix leaks, for real

The first of those enforces some modicum of sanity on commit log
messages, and might have prevented the offending commit. This is
largely copied from what I did for coreutils.

The final change actually does plug diff3's leaks. The minimal test
cases did not exercise the code to handle multiple diff blocks, so I
added one that does. One can argue that explicitly freeing some of
those buffers is not required, so I have made it so that nearly all of
the code added by this fix can be compiled out.