From owner-freebsd-bugs@FreeBSD.ORG Mon Oct 11 10:17:27 2004
Date: Mon, 11 Oct 2004 11:17:25 +0100
From: Brian Somers
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/59995: various fixes to ppp dumping core
Message-ID: <20041011111725.154ac69c@dev.lan.Awfulhak.org>
In-Reply-To: <200410060604.i9664L7p017952@freefall.freebsd.org>
References: <200410060604.i9664L7p017952@freefall.freebsd.org>

On Wed, 6 Oct 2004 06:04:21 GMT, Gleb Smirnoff wrote:

> Synopsis: various fixes to ppp dumping core
>
> Responsible-Changed-From-To: freebsd-bugs->brian
> Responsible-Changed-By: glebius
> Responsible-Changed-When: Wed Oct 6 06:03:18 GMT 2004
> Responsible-Changed-Why:
> Over to ppp(8) maintainer.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=59995

As already suggested, free(NULL) is ok to do, so no patch to
chap.c is necessary.

The proposed patch to command.c is wrong.  Consider

    subst("hello world!", "world", "universe")

The line

    ntgt = realloc(tgt, ltgt += lnewstr - loldstr);

allocates 16 bytes (13 + 8 - 5).  The lines

    if (lnewstr > loldstr)
      bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr);

copy the end of the string ("!\000"):

    bcopy(word + 5, word + 8, 2)

With the command.c patch this would become

    bcopy(word + 5, word + 8, -1)

The proposed patch to ncp.c has already been fixed in -current to
support WARNS=3.

-- 
Brian

Don't _EVER_ lose your sense of humour !
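
Added example, not part of the original message and not ppp's command.c: a stand-alone C version of the tail-copy arithmetic walked through above, which rejects a negative length before it can reach a copy routine as a size_t. The names subst_checked and tail_len are hypothetical, and computing the tail from the pre-resize length is this example's own choice.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes after the match at offset pos, NUL included; total is strlen + 1
 * before any resize. -1 means the arithmetic went negative (huge as size_t). */
static long tail_len(long total, long pos, long matchlen)
{
    long n = total - pos - matchlen;
    return n < 0 ? -1 : n;
}

/* Replace each oldstr in the malloc()ed string *tgtp with newstr.
 * Returns 0 on success, -1 on failure; *tgtp always stays valid. */
int subst_checked(char **tgtp, const char *oldstr, const char *newstr)
{
    size_t loldstr = strlen(oldstr), lnewstr = strlen(newstr);
    size_t ltgt = strlen(*tgtp) + 1;
    char *word = *tgtp;
    if (loldstr == 0) return 0;
    while ((word = strstr(word, oldstr)) != NULL) {
        size_t pos = (size_t)(word - *tgtp);
        long tail = tail_len((long)ltgt, (long)pos, (long)loldstr);
        if (tail < 0)
            return -1;
        if (lnewstr > loldstr) {        /* grow before shifting right */
            char *ntgt = realloc(*tgtp, ltgt + lnewstr - loldstr);
            if (ntgt == NULL)
                return -1;
            *tgtp = ntgt;
            word = ntgt + pos;
        }
        memmove(word + lnewstr, word + loldstr, (size_t)tail);
        memcpy(word, newstr, lnewstr);
        ltgt = ltgt + lnewstr - loldstr;
        word += lnewstr;                /* continue after the new text */
    }
    return 0;
}

int main(void)
{
    char *s = malloc(sizeof "hello world!");  /* example from the message */
    if (s == NULL) return 1;
    strcpy(s, "hello world!");
    if (subst_checked(&s, "world", "universe") == 0)
        puts(s);
    free(s);
    return 0;
}
```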