Date: Sun, 8 Nov 2009 12:19:32 GMT From: soulcatcher <soulcatcher13@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/140386: segfault in fmtmsg(3) with MM_NULLACT Message-ID: <200911081219.nA8CJWgH014323@www.freebsd.org> Resent-Message-ID: <200911081220.nA8CK4SK064438@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 140386
>Category: kern
>Synopsis: segfault in fmtmsg(3) with MM_NULLACT
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 08 12:20:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: soulcatcher
>Release: FreeBSD 7.2-STABLE
>Organization:
>Environment:
FreeBSD xxx.org 7.2-STABLE FreeBSD 7.2-STABLE #4: Sun Oct 4 19:58:35 UTC 2009 xxx.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
obvious bug in /usr/src/lib/libc/gen/fmtmsg.c
>How-To-Repeat:
#include <fmtmsg.h>
int main(int argc, char * argv[])
{
fmtmsg(MM_UTIL | MM_PRINT, "BSD:ls", MM_ERROR,
"illegal option ‐‐ z", MM_NULLACT, "BSD:ls:001");
return 0;
}
gcc main.c
./a.out dumps core
>Fix:
Patch attached with submission follows:
--- fmtmsg.c.bak 2009-11-08 15:01:29.000000000 +0300
+++ fmtmsg.c 2009-11-08 15:09:08.000000000 +0300
@@ -128,7 +128,7 @@
size += strlen(sevname);
if (text != MM_NULLTXT)
size += strlen(text);
- if (text != MM_NULLACT)
+ if (act != MM_NULLACT)
size += strlen(act);
if (tag != MM_NULLTAG)
size += strlen(tag);
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911081219.nA8CJWgH014323>