Date: Sun, 2 Apr 2000 16:52:21 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Anatoly Vorobey <mellon@pobox.com>
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/12242 : segmentation fault running /usr/bin/fmt
Message-ID: <Pine.BSF.4.21.0004021634270.1157-100000@alphplex.bde.org>
In-Reply-To: <200004020510.VAA60362@freefall.freebsd.org>
On Sat, 1 Apr 2000, Anatoly Vorobey wrote:

> > --- /usr/src/usr.bin/fmt/fmt.c.orig Tue Sep 30 15:42:05 1997
> > +++ /usr/src/usr.bin/fmt/fmt.c Sat Aug 7 22:40:31 1999
> > @@ -450,7 +450,8 @@
> >  outbuf = realloc(outbuf, outbuf_size);
> >  if (outbuf == 0)
> >  abort();
> > - outp += outbuf-old_outbuf;
> > + if (outp != NOSTR)
> > + outp += outbuf-old_outbuf;
>
> This will work, but isn't standard C (outbuf-old_outbuf is not good). Perhaps
> the following is better. Maybe someone could review/commit this? I've
> verified this solves the problem.
>
> --- fmt.c.orig Sat Aug 28 01:01:18 1999
> +++ fmt.c Sun Apr 2 07:06:04 2000
> @@ -450,7 +450,8 @@
>  outbuf = realloc(outbuf, outbuf_size);
>  if (outbuf == 0)
>  abort();
> - outp += outbuf-old_outbuf;
> + if (outp != NOSTR)
> + outp = outbuf + (outp - old_outbuf);
>  }

Both old_outbuf and outp are invalid after outbuf has been realloc'ed.
Just loading them may trap. The buffer offset should be computed
_before_ the realloc.

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
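Review bot: in the first (double-quoted) `@@ -450,7 +450,8 @@` hunk, the kept line `outp += outbuf-old_outbuf;` still executes after `outbuf = realloc(outbuf, outbuf_size);`, so both `old_outbuf` and `outp` are read while they point into the block that realloc may already have freed, and `outbuf-old_outbuf` subtracts pointers into two different objects; the new `if (outp != NOSTR)` guard only handles the never-written (NULL) case and does nothing for the dangling-pointer case. Take the offset before the call, e.g. `size_t off = outp - outbuf;` above the `realloc` line (guarded by the same `outp != NOSTR` test), and after the `abort()` check set `outp = outbuf + off;`, so that nothing reads the old base address once realloc has returned.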
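Review bot: in the second `@@ -450,7 +450,8 @@` hunk, `outp = outbuf + (outp - old_outbuf);` has the same ordering problem as the line it replaces: the subtraction `outp - old_outbuf` is still evaluated after `realloc` has released the old block, so it reads two pointer values that are indeterminate by then (undefined behaviour in C, and a trap on implementations that check pointer loads, as Bruce says), and writing it as base-plus-offset instead of `+=` only changes the arithmetic, not when it happens. Move the subtraction above the `realloc` call into a `size_t` offset and leave only `outp = outbuf + off;` under the `outp != NOSTR` guard after the `abort()` check; once that is done `old_outbuf` is no longer needed at this point, so check whether it is still used elsewhere before removing it.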
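The rule Bruce states, compute the cursor's offset before the realloc and rebuild the pointer from the new base afterwards, as an added C example; this is not code from the thread or from fmt.c. The struct and the names outbuf, outbuf_reserve, outbuf_append and repeat_word are my own; a NULL cursor plays the part of fmt's NOSTR, and the growth policy (start at 64 bytes, double) is an assumption, not fmt's. The example goes beyond the single fmt site by wrapping the pattern in a reusable buffer type and exercising it through several reallocs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from fmt.c: a growable output buffer with an
 * interior write cursor, the shape of fmt's outbuf/outp.  The cursor survives
 * realloc because its OFFSET is taken while the old pointers are still valid;
 * nothing reads the old base address after realloc returns. */
struct outbuf {
    char  *buf;   /* start of the allocation, NULL before the first growth */
    char  *p;     /* write cursor into buf, NULL until first write (fmt's NOSTR) */
    size_t size;  /* bytes allocated */
};

/* Make sure at least `need` bytes are free after the cursor.
 * Returns 0 on success, -1 if allocation fails (buffer left unchanged). */
static int outbuf_reserve(struct outbuf *ob, size_t need)
{
    /* 1. Offset first, while ob->buf and ob->p still point into live memory. */
    size_t used = (ob->p != NULL) ? (size_t)(ob->p - ob->buf) : 0;
    if (need <= ob->size - used)
        return 0;

    size_t newsize = ob->size ? ob->size : 64;   /* assumed growth policy */
    while (newsize - used < need) {
        if (newsize > SIZE_MAX / 2)
            return -1;                            /* refuse to overflow */
        newsize *= 2;
    }

    /* 2. realloc.  On failure the old block is still valid, so just report. */
    char *nb = realloc(ob->buf, newsize);
    if (nb == NULL)
        return -1;

    /* 3. From here on only `nb` and `used` are touched; the old base is gone. */
    ob->buf  = nb;
    ob->size = newsize;
    ob->p    = nb + used;
    return 0;
}

/* Append n bytes of s and keep the buffer NUL-terminated. */
static int outbuf_append(struct outbuf *ob, const char *s, size_t n)
{
    if (outbuf_reserve(ob, n + 1) != 0)          /* +1 for the NUL */
        return -1;
    if (ob->p == NULL)                           /* first write into a fresh buffer */
        ob->p = ob->buf;
    memcpy(ob->p, s, n);
    ob->p += n;
    *ob->p = '\0';
    return 0;
}

size_t outbuf_len(const struct outbuf *ob)
{
    return (ob->p != NULL) ? (size_t)(ob->p - ob->buf) : 0;
}

/* Build `count` copies of `word` in one buffer, forcing several reallocs
 * along the way.  Returns a malloc'ed, NUL-terminated string (caller frees)
 * and its length through len_out, or NULL on allocation failure. */
char *repeat_word(const char *word, size_t count, size_t *len_out)
{
    struct outbuf ob = { NULL, NULL, 0 };
    size_t wl = strlen(word);

    for (size_t i = 0; i < count; i++) {
        if (outbuf_append(&ob, word, wl) != 0) {
            free(ob.buf);
            return NULL;
        }
    }
    /* count == 0 never allocated; append nothing so the result is a real "". */
    if (outbuf_append(&ob, "", 0) != 0) {
        free(ob.buf);
        return NULL;
    }
    if (len_out != NULL)
        *len_out = outbuf_len(&ob);
    return ob.buf;
}

int main(void)
{
    size_t n = 0;
    /* 1000 x "fmt " grows the buffer 64 -> 128 -> ... -> 4096 bytes. */
    char *s = repeat_word("fmt ", 1000, &n);
    if (s == NULL)
        return 1;
    printf("%zu bytes, ends with \"%s\"\n", n, s + n - 4);
    free(s);
    return 0;
}
```

The fmt hunks do the same job in the opposite order: they let realloc run, then try to recover the cursor from `outp` and `old_outbuf`, both of which are dead by then. In outbuf_reserve the only value carried across the call is the integer `used`, which stays meaningful whatever realloc does with the block.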
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004021634270.1157-100000>