Date: Wed, 19 Mar 1997 15:45:44 +0000
From: gjm11@dpmms.cam.ac.uk
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/3037: "es" limit builtin dumps core
Message-ID: <E0w7NYe-0007Wu-00@g.pet.cam.ac.uk>
Resent-Message-ID: <199703191550.HAA27115@freefall.freebsd.org>

>Number:         3037
>Category:       ports
>Synopsis:       "es" limit builtin dumps core
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 19 07:50:02 PST 1997
>Last-Modified:
>Originator:     Gareth McCaughan
>Organization:   all too little
>Release:        FreeBSD 2.2-970215-GAMMA i386
>Environment:

es-0.9a1 running on FreeBSD 2.2

>Description:

In "prim-sys.c", function |printlimit()|, the variable |lim| is declared
as a |u_quad_t|. It is then passed to the |print| function, with format
specifier 'd'. The result is that the stdarg machinery in |print()| gets
out of sync (because two words are being passed for the |lim| parameter,
whereas only one is expected); the second word gets treated as a |char *|,
and all hell breaks loose.

>How-To-Repeat:

Run "es", and type "limit" when at least one limit doesn't have value
"unlimited".

>Fix:

Quick fix: replace |lim| with |(int)lim| in the call to |print()| in
|printlimit()|. (This will give wrong output in some cases, but won't crash.)

Slightly better, replace it with |(unsigned int)lim| and replace "%d"
with "%ud".

Proper fix: implement quad-word operations in |print()| and its friends.

>Audit-Trail:
>Unformatted:
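The "proper fix" direction from the report, as an added example (not code from es or from the report): a small bounded variadic formatter with a 64-bit conversion, so a quad-word limit is fetched as a single argument and the following string argument stays aligned. The names mini_print and format_limit and the %q specifier are assumptions made for this sketch.

```c
#include <stdarg.h>
#include <stdint.h>
#include <string.h>

/* Append one character, always leaving room for the terminating NUL. */
static void put(char *buf, size_t n, size_t *pos, char c) {
    if (*pos + 1 < n) buf[(*pos)++] = c;
}
/* Emit an unsigned 64-bit value in decimal (at most 20 digits). */
static void put_u64(char *buf, size_t n, size_t *pos, uint64_t v) {
    char tmp[20];
    int i = 0;
    do { tmp[i++] = (char)('0' + v % 10); v /= 10; } while (v != 0);
    while (i > 0) put(buf, n, pos, tmp[--i]);
}

/* mini_print: hypothetical stand-in for es's print(). Each conversion must fetch
 * exactly the type the caller pushed. %d int, %s char *, %q uint64_t (assumed). */
size_t mini_print(char *buf, size_t n, const char *fmt, ...) {
    size_t pos = 0;
    va_list ap;
    if (n == 0) return 0;
    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (*fmt != '%' || fmt[1] == '\0') { put(buf, n, &pos, *fmt); continue; }
        switch (*++fmt) {
        case 'd': {
            long long d = va_arg(ap, int);      /* one int-sized argument */
            if (d < 0) { put(buf, n, &pos, '-'); d = -d; }
            put_u64(buf, n, &pos, (uint64_t)d);
            break;
        }
        case 'q': put_u64(buf, n, &pos, va_arg(ap, uint64_t)); break;
        case 's':
            for (const char *s = va_arg(ap, const char *); s && *s; s++)
                put(buf, n, &pos, *s);
            break;
        default: put(buf, n, &pos, *fmt); break; /* unknown: copy literally */
        }
    }
    va_end(ap);
    buf[pos] = '\0';
    return pos;
}
/* Shape of the reported bug (constructed, never executed: undefined behaviour):
 *   mini_print(buf, n, "%s %d%s", name, lim, suffix);   with a 64-bit lim */
size_t format_limit(char *buf, size_t n, const char *name, uint64_t lim, const char *suffix) {
    return mini_print(buf, n, "%s %q%s", name, lim, suffix);
}
```

Routing every limit through a prototyped wrapper such as format_limit means the compiler converts the argument to the 64-bit type before it reaches the variadic call, so the specifier and the pushed width cannot drift apart at individual call sites.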