Date:      Wed, 24 Nov 2010 17:31:05 GMT
From:      Henning Petersen <henning.petersen@t-online.de>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/152549: The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
Message-ID:  <201011241731.oAOHV5pu043568@red.freebsd.org>
Resent-Message-ID: <201011241740.oAOHe6tP023835@freefall.freebsd.org>


>Number:         152549
>Category:       bin
>Synopsis:       The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 24 17:40:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Henning Petersen
>Release:        FreeBSD-current
>Organization:
>Environment:
>Description:
The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

>How-To-Repeat:
	Take the following example program:

---- BEGIN -----
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>

/* PRINTFLIKE1 */
int
myprintf(char *fmt0, ...)
{
	va_list va;

	va_start(va, fmt0);
	vsyslog(LOG_DEBUG, fmt0, va);
	va_end(va);
	return 0;
}

int main(int argc, char *argv[])
{
	long h;

	h = (long) argc;
	myprintf("Usage: "
		"%ld [options]\n" , h);
	return argv[0] != NULL;
}
---- END -----

        and run
        lint -n example.c
	which will print (besides other stuff):
	myprintf: malformed format string


>Fix:
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c	1 Jan 2003 18:13:44 -0000	1.14
+++ src/usr.bin/xlint/lint1/tree.c	24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);
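
Review bot: `len` in the added `strg1->st_len = len;` is not defined in any visible line of this hunk, so its value has to be checked against the top of catstrg() before this goes in. The context line `(len2 + 1) * sizeof (wchar_t)` copies one extra element for the terminator, which means `st_len` is expected to exclude the terminator; `len` should therefore be the plain sum of the two operand lengths, and if that sum is computed without a range check, one belongs next to it. The placement after the closing `}` looks right, since the assignment then runs no matter which copy path was taken above it.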


Patch attached with submission follows:

Index: src/usr.bin/xlint/lint1/tree.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/xlint/lint1/tree.c,v
retrieving revision 1.14
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c	1 Jan 2003 18:13:44 -0000	1.14
+++ src/usr.bin/xlint/lint1/tree.c	24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);
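
Review bot: the added `strg1->st_len = len;` carries no comment, and the patch adds no regression test. A one-line comment stating that the length of the concatenated string must be stored back into `strg1` would explain why the assignment sits between the copy and `free(strg2);`, and the How-To-Repeat program could be added as a lint test case that expects no "malformed format string" warning. This attached copy is identical to the inline diff under >Fix:, so only one of the two needs to be applied.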


>Release-Note:
>Audit-Trail:
>Unformatted:


