htop

Thank you -- Fixed in 0.8.3

Same for me in Slackware 12.2 installed with Slackbuilds script.

https://bugzilla.redhat.com/show_bug.cgi?id=504795
Bugreport from Fedora, but now it's fixed. There is a patch that works for
me.

heh, nobody actually checks for the size of functions[].
Of course, anything lies at functions[2], even if the array is of size 2.
Thus the check for NULL fails. The strcpy then tries to copy an address
which it isn't allowed to access.

55 int i = 0;
56 while (i < 15 && functions[i]) {
57 this->functions[i] = String_copy(functions[i]);
58 this->keys[i] = String_copy(keys[i]);
59 this->events[i] = events[i];
60 i++;
61 }


Index: FunctionBar.c
===================================================================
--- FunctionBar.c (revision 162)
+++ FunctionBar.c (working copy)
@@ -52,12 +52,14 @@ FunctionBar* FunctionBar_new(char** func
this->functions = malloc(sizeof(char*) * 15);
this->keys = malloc(sizeof(char*) * 15);
this->events = malloc(sizeof(int) * 15);
- int i = 0;
- while (i < 15 && functions[i]) {
+ int i;
+ for (i = 0; i < 15; i++) {
+ if (functions[i] == NULL) /* We don't know the size of the
array, */
+ break; /* so let's assume it is NULL
terminated */
+ /* and break if we find that NULL
*/
this->functions[i] = String_copy(functions[i]);
this->keys[i] = String_copy(keys[i]);
this->events[i] = events[i];
- i++;
}
this->size = i;
} else {
Index: htop.c
===================================================================
--- htop.c (revision 162)
+++ htop.c (working copy)
@@ -656,7 +656,7 @@ int main(int argc, char** argv) {

Panel* affinityPanel = AffinityPanel_new(pl->processorCount,
curr);

- char* fuFunctions[2] = {"Set ", "Cancel "};
+ char* fuFunctions[3] = {"Set ", "Cancel ", NULL};
void* set = pickFromVector(panel, affinityPanel, 15,
headerHeight, fuFunctions, defaultBar);
if (set) {
unsigned long new =
AffinityPanel_getAffinity(affinityPanel);

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:37
37 0: cmpb $0x0,(%rax) /* is byte NUL? */
Current language: auto; currently asm
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:37
#1 0x0000003fb4480ba6 in __strdup (
s=0x4a314554 <Address 0x4a314554 out of bounds>) at strdup.c:42
#2 0x00000000004055f3 in FunctionBar_new (functions=0x7fffffffe060,
keys=0x7fffffffa5c0, events=0x7fffffffa5e0) at FunctionBar.c:57
#3 0x00000000004060a3 in pickFromVector (panel=0x82cd70, list=0x83d660,
x=15,
y=6, keyLabels=0x7fffffffe060, prevBar=0x82da10) at htop.c:198
#4 0x00000000004072f7 in main (argc=<value optimized out>,
argv=<value optimized out>) at htop.c:660
(gdb) t a a bt full
(gdb) quit

Same for me but using rpm. On i686 and x86_64 Fedora 9 and Fedora 11.
P4 (2GHz, 1GB RAM), Core 2 Duo (1.83GHz, 4GB RAM)