From owner-freebsd-ports Thu Apr 19 2:50: 9 2001
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 0C2BA37B42C
    for ; Thu, 19 Apr 2001 02:50:02 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f3J9o2E56710;
    Thu, 19 Apr 2001 02:50:02 -0700 (PDT)
    (envelope-from gnats)
Received: from home.sasknow.net (stimpy.sasknow.net [207.195.92.134])
    by hub.freebsd.org (Postfix) with ESMTP id A1BDF37B43C
    for ; Thu, 19 Apr 2001 02:43:26 -0700 (PDT)
    (envelope-from ryan@home.sasknow.net)
Received: (from ryan@localhost)
    by home.sasknow.net (8.11.3/8.11.3) id f3J3hfN36175;
    Thu, 19 Apr 2001 03:43:41 GMT
    (envelope-from ryan)
Message-Id: <200104190343.f3J3hfN36175@home.sasknow.net>
Date: Thu, 19 Apr 2001 03:43:41 GMT
From: ryan@sasknow.com
Reply-To: ryan@sasknow.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/26698: PATCH: editors/lpe 1.2.5 segfault on permission denied
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 26698
>Category: ports
>Synopsis: PATCH: editors/lpe 1.2.5 segfault on permission denied
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 19 02:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Ryan Thompson
>Release: FreeBSD 4.2-20010325-STABLE i386
>Organization:
>Environment:
System: FreeBSD home.sasknow.net 4.2-20010325-STABLE FreeBSD 4.2-20010325-STABLE #0: Sun Mar 25 12:57:18 GMT 2001 root@usw3.freebsd.org:/usr/src/sys/compile/GENERIC i386

>Description:
lpe 1.2.5 as built from today's ports (nothing interesting in the commit logs anyway) will dump core without fail when fopen() fails on an existing file (e.g., permission denied).

The homespun die() in lpe.c incorrectly tries to free() each node in the doubly linked list of lines of text in its internal storage buffer, when (portions of) that buffer may not have been initialized as a result of a premature exit.

>How-To-Repeat:
chmod 000 somefile
lpe somefile (as a normal user ;-)

>Fix:
Solution is to prevent die() from free()ing nodes if the text buffer is null.

--- lpe.c.orig Thu Apr 19 02:16:41 2001 +++ lpe.c Thu Apr 19 03:08:30 2001 
@@ -48,13 +48,17 @@ { buffer *node; - while (the_buf->next != the_buf) + if (the_buf->text != NULL) { - node = the_buf->next; - the_buf->next = the_buf->next->next; - the_buf->next->prev = the_buf; - free(node); + while (the_buf->next != the_buf) + { + node = the_buf->next; + the_buf->next = the_buf->next->next; + the_buf->next->prev = the_buf; + free(node); + } } + free(the_buf); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
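
Review bot: the new guard "if (the_buf->text != NULL)" tests a different field from the ones the loop walks, and it dereferences the_buf without checking the pointer itself. The loop only needs the_buf->next and ->prev to be valid, so a head node whose text is set but whose links are not yet initialised would still fault, and a NULL the_buf would fault on the guard. Consider testing the_buf and its next pointer directly, or linking the head node to itself where it is allocated so the loop is safe in every state. The added "free(the_buf);" also leaves the_buf dangling; assigning NULL after it would make a second pass through this cleanup harmless. Separately, the loop frees each node but not node->text; if the text is allocated per node, that is never released here.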
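
An added example, not code from lpe or from the submitter: one way to make the teardown described in the report safe after an early exit is to link the head node to itself as soon as it is allocated, so the free loop never follows an uninitialised pointer. The field names text, next and prev follow the patch; buf_new, buf_append and buf_destroy are hypothetical helpers, and the head is assumed to be a sentinel that holds no text.

```c
#include <stdlib.h>
#include <string.h>
typedef struct buffer {             /* field names follow the patch */
    char *text;
    struct buffer *next, *prev;
} buffer;

/* Hypothetical helper: self-link the head so teardown is always valid. */
buffer *buf_new(void)
{
    buffer *head = calloc(1, sizeof *head);
    if (head != NULL)
        head->next = head->prev = head;
    return head;
}

/* Hypothetical helper: append a copy of line; returns 0 on success. */
int buf_append(buffer *head, const char *line)
{
    buffer *node = calloc(1, sizeof *node);
    if (node == NULL || (node->text = malloc(strlen(line) + 1)) == NULL) {
        free(node);
        return -1;
    }
    memcpy(node->text, line, strlen(line) + 1);
    node->prev = head->prev;
    node->next = head;
    head->prev->next = node;
    head->prev = node;
    return 0;
}

/* Free all nodes, clear the caller's pointer, return nodes released. */
int buf_destroy(buffer **headp)
{
    buffer *head = *headp, *node, *nxt;
    int freed = 0;
    if (head == NULL)
        return 0;
    for (node = head->next; node != head; node = nxt) {
        nxt = node->next;
        free(node->text);
        free(node);
        freed++;
    }
    free(head);
    *headp = NULL;
    return freed + 1;
}
```

Calling buf_destroy on a buffer that was created but never filled corresponds to the permission-denied path in the report.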