Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Apr 2001 03:43:41 GMT
From:      ryan@sasknow.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/26698: PATCH: editors/lpe 1.2.5 segfault on permission denied
Message-ID:  <200104190343.f3J3hfN36175@home.sasknow.net>
next in thread | raw e-mail | index | archive | help 

>Number:         26698
>Category:       ports
>Synopsis:       PATCH: editors/lpe 1.2.5 segfault on permission denied
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 19 02:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Thompson
>Release:        FreeBSD 4.2-20010325-STABLE i386
>Organization:
>Environment:
System: FreeBSD home.sasknow.net 4.2-20010325-STABLE FreeBSD 4.2-20010325-STABLE #0: Sun Mar 25 12:57:18 GMT 2001 root@usw3.freebsd.org:/usr/src/sys/compile/GENERIC i386

>Description:
	lpe 1.2.5 as built from today's ports (nothing 
	interesting in the commit logs anyway) will dump 
	core without fail when a file when fopen() fails 
	on an existing file (eg, permission denied)

	The homespun die() lpe.c incorrectly tries to
	free() each node in the doubly linked list of 
	lines of text in its internal storage buffer,
	when (portions of) that buffer may not have been
	initialized as a result of a premature exit.

>How-To-Repeat:
	chmod 000 somefile
	lpe somefile
	(as a normal user ;-)

>Fix:
	Solution is to prevent die() from free()ing
	nodes if the text buffer is null. 


--- lpe.c.orig	Thu Apr 19 02:16:41 2001
+++ lpe.c	Thu Apr 19 03:08:30 2001
@@ -48,13 +48,17 @@
 {
     buffer *node;
 
-    while (the_buf->next != the_buf)
+    if (the_buf->text != NULL)
     {
-        node = the_buf->next;
-        the_buf->next = the_buf->next->next;
-        the_buf->next->prev = the_buf;
-        free(node);
+    	while (the_buf->next != the_buf)
+    	{
+	        node = the_buf->next;
+	        the_buf->next = the_buf->next->next;
+	        the_buf->next->prev = the_buf;
+	        free(node);
+    	}
     }
+    	
     free(the_buf);
 }
 
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104190343.f3J3hfN36175>