Date: Sat, 29 Aug 2009 23:49:02 GMT From: Andrew Brampton <brampton@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/138320: [patch] nano segfaults on 8.0 Message-ID: <200908292349.n7TNn2jH041072@www.freebsd.org> Resent-Message-ID: <200908292350.n7TNo0XD016329@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138320
>Category: ports
>Synopsis: [patch] nano segfaults on 8.0
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 29 23:50:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Andrew Brampton
>Release: FreeBSD 8.0-BETA3
>Organization:
>Environment:
FreeBSD sim3.rcdn.org 8.0-BETA3 FreeBSD 8.0-BETA3 #0: Sat Aug 22 02:00:45 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
The port editor/nano segfaults on 8.0, when run:
> nano
Segmentation fault: 11 (core dumped)
I tracked this down to line 617 of rcfile.c where getline is called with an uninitalised argument. The fix is to initalise n to zero on a few lines above. The attached patch should fix this. I am also reporting this problem upstream.
>How-To-Repeat:
Run nano with no arguments.
>Fix:
Recompile with the attached patch, or run nano with the --ignorercfiles argument.
Patch attached with submission follows:
--- rcfile.c.orig 2009-08-30 00:24:28.000000000 +0100
+++ rcfile.c 2009-08-30 00:25:11.000000000 +0100
@@ -612,7 +612,7 @@
{
char *buf = NULL;
ssize_t len;
- size_t n;
+ size_t n = 0;
while ((len = getline(&buf, &n, rcstream)) > 0) {
char *ptr, *keyword, *option;
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908292349.n7TNn2jH041072>