Re: [nail-devel] segfault on set with no arguments
From: Steffen D. N. <sd...@gm...> - 2013-03-01 21:17:03
"Stephen Isard" <3s9...@sn...> wrote:
 |> I can't see a bug in the code, which makes me think that this is
 |> a compiler issue -- this is a very old codebase which doesn't even
 |<snip>
 |
 |Yes, it's an old codebase, but I happen to have a mailx 12.2 tarball on
 |my machine and when I compile that, there is no segfault. And of course

You were absolutely right, there was a faulty array size calculation!
I don't know how you have managed to get there (:), but I really
appreciate that you have looked at this and even sent me the backtrace!
Does this patch fix the problem, then, or is it even worse?

 |Regards,

Fantastic!

 |Stephen Isard

--steffen

Date: 2013-03-01 22:08:54 +0100

cmd3.c:_set_show_all(): Stephen Isard: fix SEGV..

The array size did not take into account the necessary terminating
NULL pointer, so that we exceeded array bounds regularly.

--- cmd3.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd3.c b/cmd3.c index cafbe1b..4369bee 100644 --- a/cmd3.c +++ b/cmd3.c @@ -121,11 +121,11 @@ _set_show_all(void) rm(cp); Ftfree(&cp); - for (i = u.j = 0; i < HSHSIZE; ++i) + for (u.j = 1, i = 0; i < HSHSIZE; ++i) for (vp = variables[i]; vp != NULL; vp = vp->v_link) ++u.j; vacp = (char**)salloc(u.j * sizeof(*vacp)); - for (i = 0, p = vacp; i < HSHSIZE; ++i) + for (p = vacp, i = 0; i < HSHSIZE; ++i) for (vp = variables[i]; vp != NULL; vp = vp->v_link) *p++ = vp->v_name; *p = NULL;
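Review bot: The slot for the terminating NULL is reserved only by starting the counter at 1 in the first loop header (`u.j = 1, i = 0`), which reads like an arbitrary initial value and is easy to reset to 0 in a later cleanup, bringing back the out-of-bounds store at `*p = NULL;`. Consider counting from 0 and making the extra element explicit at the allocation, e.g. `salloc((u.j + 1) * sizeof(*vacp))`, or at least add a comment on the loop saying the 1 is for the NULL terminator. The second changed loop header (`p = vacp, i = 0`) only reorders the initializers and has no effect on the fix, so it could be left out to keep the patch limited to the size calculation.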