Date: Mon, 15 Dec 2025 18:18:26 +0000 From: Jessica Clarke <jrtc27@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 8aaae40a354a - stable/13 - ee: Fix use of uninitialised pointer in ispell_op Message-ID: <694050f2.257f5.25b0b3df@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/13 has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=8aaae40a354a831b0c2ac13f34dbf0f99faa8b8b commit 8aaae40a354a831b0c2ac13f34dbf0f99faa8b8b Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2024-06-02 22:53:09 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2025-12-15 17:56:34 +0000 ee: Fix use of uninitialised pointer in ispell_op This used to be name = mktemp followed by fd = open downstream, replacing upstream's crude PID-based sprintf, but in 1.4.7 this was changed upstream to this buggy code, which we then picked up in the 1.5.0 import. Presumably nobody's actually used ee's ispell function in the past 15 years; that or it's just ended up using junk file names as temporary files if name's happened to be a valid address to something that can be interpreted as a string. Reported by: Dapeng Gao <dapeng.gao@cl.cam.ac.uk> Fixes: 96b676e99984 ("Update ee(1) in the base system to version 1.5.0.") MFC after: 1 week (cherry picked from commit 25a33bfe9ce2b55812201f475e9d3e64009b40dc) --- contrib/ee/ee.c | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/ee/ee.c b/contrib/ee/ee.c index 5976152414cb..002852e9e59a 100644 --- a/contrib/ee/ee.c +++ b/contrib/ee/ee.c @@ -4436,6 +4436,7 @@ ispell_op() } (void)sprintf(template, "/tmp/ee.XXXXXXXX"); fd = mkstemp(template); + name = template; if (fd < 0) { wmove(com_win, 0, 0); wprintw(com_win, create_file_fail_msg, name);help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?694050f2.257f5.25b0b3df>