From owner-freebsd-bugs@FreeBSD.ORG Mon Oct 13 07:30:19 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BB7116A4D8 for ; Mon, 13 Oct 2003 07:30:19 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BDA843F75 for ; Mon, 13 Oct 2003 07:30:18 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h9DEUIFY022528 for ; Mon, 13 Oct 2003 07:30:18 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h9DEUINj022527; Mon, 13 Oct 2003 07:30:18 -0700 (PDT) (envelope-from gnats) Date: Mon, 13 Oct 2003 07:30:18 -0700 (PDT) Message-Id: <200310131430.h9DEUINj022527@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Maxim Konovalov Subject: Re: bin/56696: atacontrol core dump (sscanf on unintialized pointer) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Maxim Konovalov List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2003 14:30:19 -0000 The following reply was made to PR bin/56696; it has been noted by GNATS. From: Maxim Konovalov To: Igor Truszkowski Cc: sos@freebsd.org, bug-followup@freebsd.org Subject: Re: bin/56696: atacontrol core dump (sscanf on unintialized pointer) Date: Mon, 13 Oct 2003 18:27:41 +0400 (MSD) Please try enclosed patch. Index: atacontrol.c =================================================================== RCS file: /home/ncvs/src/sbin/atacontrol/atacontrol.c,v retrieving revision 1.26 diff -u -r1.26 atacontrol.c --- atacontrol.c 24 Aug 2003 09:23:54 -0000 1.26 +++ atacontrol.c 13 Oct 2003 14:22:34 -0000 @@ -339,14 +339,19 @@ int disk, dev, offset; iocmd.cmd = ATARAIDCREATE; - if (!strcmp(argv[2], "RAID0") || !strcmp(argv[2], "stripe")) - iocmd.u.raid_setup.type = 1; - if (!strcmp(argv[2], "RAID1") || !strcmp(argv[2],"mirror")) - iocmd.u.raid_setup.type = 2; - if (!strcmp(argv[2], "RAID0+1")) - iocmd.u.raid_setup.type = 3; - if (!strcmp(argv[2], "SPAN") || !strcmp(argv[2], "JBOD")) - iocmd.u.raid_setup.type = 4; + if (argc > 2) { + if (!strcmp(argv[2], "RAID0") || + !strcmp(argv[2], "stripe")) + iocmd.u.raid_setup.type = 1; + if (!strcmp(argv[2], "RAID1") || + !strcmp(argv[2], "mirror")) + iocmd.u.raid_setup.type = 2; + if (!strcmp(argv[2], "RAID0+1")) + iocmd.u.raid_setup.type = 3; + if (!strcmp(argv[2], "SPAN") || + !strcmp(argv[2], "JBOD")) + iocmd.u.raid_setup.type = 4; + } if (!iocmd.u.raid_setup.type) { fprintf(stderr, "atacontrol: Invalid RAID type\n"); fprintf(stderr, "atacontrol: Valid RAID types : \n"); @@ -356,7 +361,7 @@ } if (iocmd.u.raid_setup.type & 1) { - if (!sscanf(argv[3], "%d", + if (argc < 4 || !sscanf(argv[3], "%d", &iocmd.u.raid_setup.interleave) == 1) { fprintf(stderr, "atacontrol: Invalid interleave\n"); exit(EX_USAGE); %%% -- Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org