[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: unitialized buffer used in error situation

From: Derek Robert Price
Subject: Re: unitialized buffer used in error situation
Date: Fri, 26 Sep 2003 18:35:22 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

Hash: SHA1

Mark D. Baushke wrote:

|Todd C. Miller <address@hidden> writes:
|>One of the OpenBSD developers (David Krause) recently ran into a
|>cvs crash caused by the use of an unitialized buffer.  I examined
|>the traceback and found the source of the crash.  The simple fix
|Patch applied to both the stable and development branches.

Mark, I think we're better off than before after this patch, but it you
look where make_file_label is called in src/diff.c and the result then
passed to diff, it looks like the label can shift to the wrong file when
the first call to make_file_label returns a NULL:

~    call_diff_setup (args);
~    if (label1)
~        call_diff_arg (label1);
~    if (label2)
~        call_diff_arg (label2);
~    call_diff_arg ("--");
~    call_diff_arg (file1);
~    call_diff_arg (file2);
~    free (args);

If label1 is NULL, then diff interprets the first label argument, in
this case label2, as being attached to file1.

I'm not sure what could cause the call to CVS_STAT to fail and then the
label not to be set, but I think the correct fix here is either to make
the failed stat a fatal error or to create a label with just PATH or the
like.  Todd, do you know what was causing the CVS_STAT command to fail
on your reporter's system?


- --
~                *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
- --
It is as useless to argue with those who have renounced the use and
authority of reason as to administer medication to the dead.

           - Thomas Jefferson
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org


reply via email to

[Prev in Thread] Current Thread [Next in Thread]