Date: Wed, 4 Nov 1998 08:53:38 -0500 (EST)
From: viro@math.psu.edu
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/8573: [PATCH] SIGSEGV in nvi 1.79
Message-ID: <199811041353.IAA09242@hilbert.math.psu.edu>
>Number: 8573
>Category: bin
>Synopsis: nvi 1.79 SIGSEGVs on any address in .exrc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 4 06:00:01 PST 1998
>Last-Modified:
>Originator: Al Viro
>Organization:
-ENOENT
>Release: FreeBSD 2.2.7-RELEASE i386
>Environment:
Any OS that doesn't like NULL dereferencing ;-/ Reproducible on
3.0, Linux, SunOS, Slowlaris...
>Description:
ex/ex.c::ex_badaddr(sp,ba,cp,nret) passes cp->name to ex_emsg()
in the case when sp->ep is NULL. It doesn't check for cp!=NULL. Bad, since
in many places it is explicitly called in such a setup. One of them (in
ex/ex.c):
1834: /* No addresses permitted until a file has been read in. */
1835: if (sp->ep == NULL && strchr("$0123456789'\\/?.+-^", *ecp->cp)) {
1836: ex_badaddr(sp, NULL, A_EMPTY, NUM_OK);
... which could as well be foo(*(char*)NULL)...
>How-To-Repeat:
Just put into .exrc any command with an address. Plain .<whatever> will
go.
>Fix:
*** ex/ex.c Thu Oct 10 18:49:46 1996
--- ex/ex.c.new Wed Nov 4 02:32:49 1998
***************
*** 2307,2313 ****
* underlying file, that's the real problem.
*/
if (sp->ep == NULL) {
! ex_emsg(sp, cp->name, EXM_NOFILEYET);
return;
}
--- 2307,2313 ----
* underlying file, that's the real problem.
*/
if (sp->ep == NULL) {
! ex_emsg(sp, cp ? cp->name : NULL, EXM_NOFILEYET);
return;
}
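Review bot: the changed line in the sp->ep == NULL branch now forwards NULL to ex_emsg() whenever cp is NULL, and nothing in this hunk shows that ex_emsg() tolerates a NULL second argument for EXM_NOFILEYET. Please confirm that this message path never formats or dereferences the string, or pass a fixed placeholder string instead of NULL. Since the report says ex_badaddr() is deliberately called with cp == NULL, a comment on the function stating that cp may be NULL, and a check of any other cp-> uses outside this hunk, would keep the same crash from coming back.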
>Audit-Trail:
>Unformatted:
