From owner-freebsd-bugs Sun Apr 2 5: 0: 6 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 06CE537BD8A for ; Sun, 2 Apr 2000 05:00:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id FAA21432; Sun, 2 Apr 2000 05:00:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Sun, 2 Apr 2000 05:00:02 -0700 (PDT)
Message-Id: <200004021200.FAA21432@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Anatoly Vorobey
Subject: Re: bin/12242 : segmentation fault running /usr/bin/fmt
Reply-To: Anatoly Vorobey
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/12242; it has been noted by GNATS.

From: Anatoly Vorobey
To: Bruce Evans
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/12242 : segmentation fault running /usr/bin/fmt
Date: Sun, 2 Apr 2000 13:59:15 +0000

On Sun, Apr 02, 2000 at 09:01:26PM +1000, Bruce Evans wrote:
>
> This breaks the (outp == NOSTR) case,

This case should never have been there in the first place. How about
replacing outp==NOSTR by outp==outbuf throughout?

Also the lines

> s = (outp == NOSTR) ? 0 : outp - outbuf;
> if (s + wl >= outbuf_size) {
> outbuf_size *= 2;
> outbuf = realloc(outbuf, outbuf_size);

are somewhat funny since who said outbuf_size*2 is big enough to hold
s + wl chars?

Here's the patch. Tested, appears to work fine.

--- fmt.c.orig Sat Aug 28 01:01:18 1999 +++ fmt.c Sun Apr 2 13:50:58 2000 @@ -65,7 +65,6 @@ /* LIZ@UOM 6/18/85 -- Don't need LENGTH any more. * #define LENGTH 72 Max line length in output */ -#define NOSTR ((char *) 0) /* Null string pointer for lint */ /* LIZ@UOM 6/18/85 --New variables goal_length and max_length */ #define GOAL_LENGTH 65 
@@ -395,9 +394,9 @@ * Build up line images from the words passed in. Prefix * each line with correct number of blanks. The buffer "outbuf" * contains the current partial line image, including prefixed blanks. - * "outp" points to the next available space therein. When outp is NOSTR, + * "outp" points to the next available space therein. When outp==outbuf, * there ain't nothing in there yet. At the bottom of this whole mess, - * leading tabs are reinserted. + * leading spaces are reinserted. */ char *outbuf; /* Sandbagged output line image */ char *outp; /* Pointer in above */ @@ -413,7 +412,7 @@ if (outbuf == 0) abort(); outbuf_size = BUFSIZ; - outp = NOSTR; + outp = outbuf; } /* @@ -443,17 +442,18 @@ { register char *cp; register int s, t; - - if (((outp==NOSTR) ? wl : outp-outbuf + wl) >= outbuf_size) { - char *old_outbuf = outbuf; - outbuf_size *= 2; + + s = outp-outbuf; + + if (s + wl >= outbuf_size) { + outbuf_size = s + wl + 17; /* clever heuristics */ outbuf = realloc(outbuf, outbuf_size); if (outbuf == 0) abort(); - outp += outbuf-old_outbuf; + outp = outbuf + s; } - if (outp == NOSTR) + if (outp == outbuf) leadin(); /* * LIZ@UOM 6/18/85 -- change condition to check goal_length; s is the @@ -487,11 +487,11 @@ void oflush() { - if (outp == NOSTR) + if (outp == outbuf) return; *outp = '\0'; tabulate(outbuf); - outp = NOSTR; + outp = outbuf; } /* @@ -561,7 +561,7 @@ register char *top; top = malloc(strlen(str) + 1); - if (top == NOSTR) + if (top == 0) errx(1, "ran out of memory"); strcpy(top, str); return (top);

--
Anatoly Vorobey, mellon@pobox.com http://pobox.com/~mellon/
"Angels can fly because they take themselves lightly" - G.K.Chesterton
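
Review bot: In the @@ -443,17 +442,18 @@ hunk, the new size "outbuf_size = s + wl + 17; /* clever heuristics */" rests on an unexplained constant and replaces doubling with near-exact-fit growth. The check "s + wl >= outbuf_size" runs before leadin() and counts only the bytes already in the buffer plus the word, so anything else stored for this word (the prefix blanks the block comment describes, any separator, and the '\0' that oflush() writes at *outp) has to fit inside that slack of 17. Suggest computing the required size explicitly, with each extra byte named, and growing to the larger of that value and outbuf_size * 2 so that a long line does not call realloc() every few words. s is declared int here, so s + wl should also be checked for overflow before it is used as an allocation size.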
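
Review bot: In the @@ -395,9 +394,9 @@ hunk, the last comment line changes "leading tabs are reinserted" to "leading spaces are reinserted", which is unrelated to the NOSTR removal and is not mentioned in the message. oflush() in the @@ -487,11 +487,11 @@ hunk still passes the line through tabulate(outbuf), so either explain in the commit message why the old wording was wrong or leave that line out of this patch.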
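
Review bot: In the @@ -561,7 +561,7 @@ hunk, "if (top == 0)" replaces NOSTR with a bare 0 in a pointer comparison; NULL would state the intent more clearly. The same applies to the "if (outbuf == 0)" checks that the @@ -413,7 +412,7 @@ and @@ -443,17 +442,18 @@ hunks show as context.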