Date: Mon, 22 Apr 1996 10:00:02 -0700 (PDT)
From: David Greenman <davidg@Root.COM>
To: freebsd-bugs
Subject: Re: bin/1153: fmt segfaults
Message-ID: <199604221700.KAA17493@freefall.freebsd.org>
The following reply was made to PR bin/1153; it has been noted by GNATS.
From: David Greenman <davidg@Root.COM>
To: mmead@Glock.COM
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/1153: fmt segfaults
Date: Sun, 28 Apr 1996 15:50:29 -0700
> I've hacked on /usr/src/usr.bin/fmt/fmt.c and think I've
>got the problem all figured out and fixed. Here's a patch. I've
>tested it fairly thoroughly, but someone else might want to go
>through it.
>
>--- /usr/src/usr.bin/fmt/fmt.c-dist Mon Apr 22 00:43:43 1996
>+++ /usr/src/usr.bin/fmt/fmt.c Mon Apr 22 00:53:41 1996
>@@ -172,7 +172,9 @@
> *cp++ = c;
> c = getc(fi);
> }
>- *cp = '\0';
>+ if (cp != NULL) {
>+ *cp = '\0';
>+ }
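Review bot: the `cp != NULL` test guarding `*cp = '\0'` comes too late to protect anything. The loop just above has already stored through `cp` with `*cp++ = c`, so a NULL `cp` would have faulted there, and a pointer that has only been incremented will not compare equal to NULL afterwards. If the crash comes from `cp` running past the end of its buffer, the check that is missing is a limit against the buffer's end before each `*cp++ = c`, leaving room for the terminator. As written, the new branch also leaves the line unterminated whenever it is skipped.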
...
> cp = linebuf;
> cp2 = canonb;
>- while (cc = *cp++) {
>+ while ((cp != NULL) && (cc = *cp++)) {
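Review bot: in `while ((cp != NULL) && (cc = *cp++))` the added test can never be false, because `cp = linebuf;` two lines earlier gives it the address of a buffer and `*cp++` only moves it forward. The loop still stops only on a zero byte, so if the concern is a line that is over-long or not terminated, compare `cp` against the end of `linebuf` instead, and check whether the copy through `cp2` into `canonb` needs the same limit.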
...
I don't get it. How can "cp" be NULL? It's assigned to "linebuf" which is
allocated off the stack:
char linebuf[BUFSIZ], canonb[BUFSIZ];
...linebuf can never be NULL.
-DG
David Greenman
Core-team/Principal Architect, The FreeBSD Project
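An added example, not part of the original message and not code from fmt.c: a line reader filling a stack array, where a `cp == NULL` test never fires on an over-long line and the comparison against the end of the array is what keeps the writes in bounds. `DEMO_BUFSZ`, `read_line_bounded` and `demo_line` are hypothetical names, and the input line is constructed.

```c
#include <stdio.h>

#define DEMO_BUFSZ 16   /* assumption: small stand-in for BUFSIZ to keep the input short */

/* stored: bytes kept; truncated: input exceeded the buffer; cp_was_null: NULL test fired */
struct line_result { size_t stored; int truncated; int cp_was_null; };

/* Read one line from fi into buf[cap], never writing past buf + cap - 1. */
static struct line_result read_line_bounded(FILE *fi, char *buf, size_t cap)
{
    struct line_result r = {0, 0, 0};
    char *cp = buf, *end = buf + cap - 1;   /* last slot is reserved for '\0' */
    int c;
    while ((c = getc(fi)) != EOF && c != '\n') {
        if (cp == NULL)                     /* NULL test: never true for a pointer into an array */
            r.cp_was_null = 1;
        if (cp < end)
            *cp++ = (char)c;
        else
            r.truncated = 1;                /* drop the excess instead of overrunning buf */
    }
    *cp = '\0';
    r.stored = (size_t)(cp - buf);
    return r;
}

/* Run the reader over a constructed line of n 'A' characters. */
static struct line_result demo_line(size_t n)
{
    char linebuf[DEMO_BUFSZ];               /* stack array, as in the message above */
    struct line_result r = {0, 0, 0};
    FILE *fi = tmpfile();
    if (fi == NULL)
        return r;
    for (size_t i = 0; i < n; i++)
        putc('A', fi);
    putc('\n', fi);
    rewind(fi);
    r = read_line_bounded(fi, linebuf, sizeof(linebuf));
    fclose(fi);
    return r;
}

int main(void)
{
    struct line_result r = demo_line(100);
    printf("stored=%zu truncated=%d cp_was_null=%d\n", r.stored, r.truncated, r.cp_was_null);
    return 0;
}
```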
