4 messages in org.freebsd.freebsd-portsports/26698: PATCH: editors/lpe 1.2.5...| From | Sent On | Attachments |
|---|---|---|
| ry...@sasknow.com | Apr 18, 2001 8:43 pm | |
| Jimmy Olgeni | Apr 20, 2001 7:19 am | |
| Ryan Thompson | Apr 20, 2001 2:09 pm | |
| olg...@FreeBSD.org | Apr 23, 2001 3:49 pm |
| Subject: | ports/26698: PATCH: editors/lpe 1.2.5 segfault on permission denied | |
|---|---|---|
| From: | ry...@sasknow.com (ry...@sasknow.com) | |
| Date: | Apr 18, 2001 8:43:19 pm | |
| List: | org.freebsd.freebsd-ports | |
Number: 26698 Category: ports Synopsis: PATCH: editors/lpe 1.2.5 segfault on permission denied Confidential: no Severity: non-critical Priority: high Responsible: freebsd-ports State: open Quarter: Keywords: Date-Required: Class: sw-bug Submitter-Id: current-users Arrival-Date: Thu Apr 19 02:50:01 PDT 2001 Closed-Date: Last-Modified: Originator: Ryan Thompson Release: FreeBSD 4.2-20010325-STABLE i386 Organization: Environment:
System: FreeBSD home.sasknow.net 4.2-20010325-STABLE FreeBSD 4.2-20010325-STABLE
#0: Sun Mar 25 12:57:18 GMT 2001
ro...@usw3.freebsd.org:/usr/src/sys/compile/GENERIC i386
Description:
lpe 1.2.5 as built from today's ports (nothing interesting in the commit logs anyway) will dump core without fail when a file when fopen() fails on an existing file (eg, permission denied)
The homespun die() lpe.c incorrectly tries to free() each node in the doubly linked list of lines of text in its internal storage buffer, when (portions of) that buffer may not have been initialized as a result of a premature exit.
How-To-Repeat:
chmod 000 somefile lpe somefile (as a normal user ;-)
Fix:
Solution is to prevent die() from free()ing nodes if the text buffer is null.
--- lpe.c.orig Thu Apr 19 02:16:41 2001 +++ lpe.c Thu Apr 19 03:08:30 2001 @@ -48,13 +48,17 @@ { buffer *node;
- while (the_buf->next != the_buf) + if (the_buf->text != NULL) { - node = the_buf->next; - the_buf->next = the_buf->next->next; - the_buf->next->prev = the_buf; - free(node); + while (the_buf->next != the_buf) + { + node = the_buf->next; + the_buf->next = the_buf->next->next; + the_buf->next->prev = the_buf; + free(node); + } } + free(the_buf); }
Release-Note: Audit-Trail: Unformatted:
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message