Date: Wed, 27 Jan 2016 06:21:35 +0000 (UTC) From: Devin Teske <dteske@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r294893 - head/lib/libdpv Message-ID: <201601270621.u0R6LZPd030494@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dteske Date: Wed Jan 27 06:21:35 2016 New Revision: 294893 URL: https://svnweb.freebsd.org/changeset/base/294893 Log: Fix a crash if `-D' is used without `-t title' dialog(3)'s dlg_reallocate_gauge(), used both by dialog(3)'s dialog_gauge() and dialog(1)'s `--gauge', will segmentation fault in strlen(3) if no title is set for the widget. Reproducible with `dialog --gauge hi 6 20' (adding `--title ""' is enough to prevent segmentation fault). MFC after: 3 days X-MFC-to: stable/10 Modified: head/lib/libdpv/dialog_util.c Modified: head/lib/libdpv/dialog_util.c ============================================================================== --- head/lib/libdpv/dialog_util.c Wed Jan 27 06:16:53 2016 (r294892) +++ head/lib/libdpv/dialog_util.c Wed Jan 27 06:21:35 2016 (r294893) @@ -261,6 +261,13 @@ dialog_spawn_gauge(char *init_prompt, pi errx(EXIT_FAILURE, "Out of memory?!"); sprintf(dargv[n++], "--title"); dargv[n++] = title; + } else { + if ((dargv[n] = malloc(8)) == NULL) + errx(EXIT_FAILURE, "Out of memory?!"); + sprintf(dargv[n++], "--title"); + if ((dargv[n] = malloc(8)) == NULL) + errx(EXIT_FAILURE, "Out of memory?!"); + sprintf(dargv[n++], ""); } if (backtitle != NULL) { if ((dargv[n] = malloc(12)) == NULL)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601270621.u0R6LZPd030494>