Re: [nail-devel] segfault on set with no arguments
Brought to you by:
gritter
Menu
▾
▴
Re: [nail-devel] segfault on set with no arguments
|
From: Steffen D. N. <sd...@gm...> - 2013-03-01 21:17:03
|
"Stephen Isard" <3s9...@sn...> wrote:
|> I can't see a bug in the code, which makes me think that this is
|> a compiler issue -- this is a very old codebase which doesn't even
|<snip>
|
|Yes, it's an old codebase, but I happen to have a mailx 12.2 tarball on
|my machine and when I compile that, there is no segfault. And of course
You were absolutely right, there was a faulty array size
calculation! I don't know how you have managed to get there (:),
but i really appreciate that you have looked at this and even sent
me the backtrace!
Does this patch fix the problem, then, or is it even worse?
|Regards,
Fantastic!
|Stephen Isard
--steffen
Date: 2013-03-01 22:08:54 +0100
cmd3.c:_set_show_all(): Stephen Isard: fix SEGV..
The array size did not take into account the necessary
terminating NULL pointer, so that we exceeded array
bounds regulary.
---
cmd3.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd3.c b/cmd3.c
index cafbe1b..4369bee 100644
--- a/cmd3.c
+++ b/cmd3.c
@@ -121,11 +121,11 @@ _set_show_all(void)
rm(cp);
Ftfree(&cp);
- for (i = u.j = 0; i < HSHSIZE; ++i)
+ for (u.j = 1, i = 0; i < HSHSIZE; ++i)
for (vp = variables[i]; vp != NULL; vp = vp->v_link)
++u.j;
vacp = (char**)salloc(u.j * sizeof(*vacp));
- for (i = 0, p = vacp; i < HSHSIZE; ++i)
+ for (p = vacp, i = 0; i < HSHSIZE; ++i)
for (vp = variables[i]; vp != NULL; vp = vp->v_link)
*p++ = vp->v_name;
*p = NULL;
|