Package: dpkg
Version: 1.3.22
Seen in src/archives.c:
narglist[i++]= strdup("f");
narglist[i++]= strdup("-print0");
narglist[i++]= 0;
execvp(FIND, narglist);
Similar use of strdup can be found in many other places.
strdup will return 0 if no memory can be allocated, so this usage is
not safe. The return value should be checked for 0. The best way to
do this would be something like
char *m_strdup(const char *s) { ... }
in lib/mlib.c. Every call to strdup should be changed to m_strdup
(and any ad-hoc error checking nearby removed - my grep shows that
there are some cases where there is some).
Ian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
