Date: Thu, 19 Apr 2001 03:43:41 GMT From: ryan@sasknow.com To: FreeBSD-gnats-submit@freebsd.org Subject: ports/26698: PATCH: editors/lpe 1.2.5 segfault on permission denied Message-ID: <200104190343.f3J3hfN36175@home.sasknow.net>
next in thread | raw e-mail | index | archive | help
>Number: 26698 >Category: ports >Synopsis: PATCH: editors/lpe 1.2.5 segfault on permission denied >Confidential: no >Severity: non-critical >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Apr 19 02:50:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Ryan Thompson >Release: FreeBSD 4.2-20010325-STABLE i386 >Organization: >Environment: System: FreeBSD home.sasknow.net 4.2-20010325-STABLE FreeBSD 4.2-20010325-STABLE #0: Sun Mar 25 12:57:18 GMT 2001 root@usw3.freebsd.org:/usr/src/sys/compile/GENERIC i386 >Description: lpe 1.2.5 as built from today's ports (nothing interesting in the commit logs anyway) will dump core without fail when a file when fopen() fails on an existing file (eg, permission denied) The homespun die() lpe.c incorrectly tries to free() each node in the doubly linked list of lines of text in its internal storage buffer, when (portions of) that buffer may not have been initialized as a result of a premature exit. >How-To-Repeat: chmod 000 somefile lpe somefile (as a normal user ;-) >Fix: Solution is to prevent die() from free()ing nodes if the text buffer is null. --- lpe.c.orig Thu Apr 19 02:16:41 2001 +++ lpe.c Thu Apr 19 03:08:30 2001 @@ -48,13 +48,17 @@ { buffer *node; - while (the_buf->next != the_buf) + if (the_buf->text != NULL) { - node = the_buf->next; - the_buf->next = the_buf->next->next; - the_buf->next->prev = the_buf; - free(node); + while (the_buf->next != the_buf) + { + node = the_buf->next; + the_buf->next = the_buf->next->next; + the_buf->next->prev = the_buf; + free(node); + } } + free(the_buf); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104190343.f3J3hfN36175>