From owner-freebsd-bugs Mon Apr 22 10:00:07 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA17521 for bugs-outgoing; Mon, 22 Apr 1996 10:00:07 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA17493 Mon, 22 Apr 1996 10:00:02 -0700 (PDT) Date: Mon, 22 Apr 1996 10:00:02 -0700 (PDT) Message-Id: <199604221700.KAA17493@freefall.freebsd.org> To: freebsd-bugs Cc: From: David Greenman Subject: Re: bin/1153: fmt segfaults Reply-To: David Greenman Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR bin/1153; it has been noted by GNATS. From: David Greenman To: mmead@Glock.COM Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/1153: fmt segfaults Date: Sun, 28 Apr 1996 15:50:29 -0700 > I've hacked on /usr/src/usr.bin/fmt/fmt.c and think I've >got the problem all figured out and fixed. Here's a patch. I've >tested it fairly thoroughly, but someone else might want to go >through it. > >--- /usr/src/usr.bin/fmt/fmt.c-dist Mon Apr 22 00:43:43 1996 >+++ /usr/src/usr.bin/fmt/fmt.c Mon Apr 22 00:53:41 1996 >@@ -172,7 +172,9 @@ > *cp++ = c; > c = getc(fi); > } >- *cp = '\0'; >+ if (cp != NULL) { >+ *cp = '\0'; >+ } ... > cp = linebuf; > cp2 = canonb; >- while (cc = *cp++) { >+ while ((cp != NULL) && (cc = *cp++)) { ... I don't get it. How can "cp" be NULL? It's assigned to "linebuf" which is allocated off the stack: char linebuf[BUFSIZ], canonb[BUFSIZ]; ...linebuf can never be NULL. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
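Review bot: In the hunk at @@ -172,7 +172,9 @@, the new `if (cp != NULL)` guard around `*cp = '\0';` comes too late to prevent anything, because the context line just above it, `*cp++ = c;`, already dereferences and advances the same pointer. Had cp been NULL, the fault would have happened inside that loop, and once cp has been incremented it is no longer NULL in any case. The visible context does not show what bounds the loop. If the crash is in this region, the condition worth testing is whether cp is still inside linebuf (declared as `char linebuf[BUFSIZ]` according to the reply) before each store and before the terminating write. I would drop the NULL test and add an explicit check against the end of the buffer instead.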
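Review bot: In the second quoted change, the added `(cp != NULL) &&` in `while ((cp != NULL) && (cc = *cp++))` is always true, because the context line two above sets `cp = linebuf;` and the loop only ever increments it. The test therefore changes no behaviour and hides what actually ends the loop, which is the NUL terminator in linebuf. Please drop it and, if this copy into canonb via cp2 is where the fault occurs, show the loop body so the writes through cp2 can be checked against the size of canonb. This part of the patch is also posted after a "..." without its own @@ header, so it cannot be applied as sent; please resend the complete diff.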