Package: nvi
Version: 1.81.6-4

Hi,
Because of the 08lfs.dpatch, when stat() fails with errno == EOVERFLOW the early "goto err" skips the later initialisation of EXF *ep; the error path then dereferences and frees the uninitialised pointer, and the process segfaults when those structures are freed. A patch that initialises the pointer to NULL and makes the frees in the error handling conditional on it follows.
Greetings, Michael.
diff -urN orig/nvi-1.81.6/common/exf.c fixed/nvi-1.81.6/common/exf.c
--- orig/nvi-1.81.6/common/exf.c 2009-10-15 21:52:44.000000000 -0400
+++ fixed/nvi-1.81.6/common/exf.c 2009-10-15 21:43:17.000000000 -0400
@@ -125,7 +125,7 @@
 int
 file_init(SCR *sp, FREF *frp, char *rcv_name, int flags)
 {
- EXF *ep;
+ EXF *ep = 0;
 struct stat sb;
 size_t psize;
 int fd, exists, open_err, readonly, stolen;
@@ -495,18 +495,21 @@
 frp->tname = NULL;
 }
-oerr: if (F_ISSET(ep, F_RCV_ON))
- (void)unlink(ep->rcv_path);
- if (ep->rcv_path != NULL) {
- free(ep->rcv_path);
- ep->rcv_path = NULL;
- }
- if (ep->db != NULL) {
- (void)ep->db->close(ep->db, DB_NOSYNC);
- ep->db = NULL;
+oerr:
+ if (ep) {
+ if (F_ISSET(ep, F_RCV_ON))
+ (void)unlink(ep->rcv_path);
+ if (ep->rcv_path != NULL) {
+ free(ep->rcv_path);
+ ep->rcv_path = NULL;
+ }
+ if (ep->db != NULL) {
+ (void)ep->db->close(ep->db, DB_NOSYNC);
+ ep->db = NULL;
+ }
+ free(ep);
 }
- free(ep);
-
+
 return (open_err && !LF_ISSET(FS_OPENERR) ? file_init(sp, frp, rcv_name, flags | FS_OPENERR) : 1);
 }
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
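Review bot: The return expression at the end of the second hunk reads `open_err`, which the first hunk shows declared uninitialised alongside `ep` (`int fd, exists, open_err, readonly, stolen;`), so if the EOVERFLOW `goto err` that motivates this patch also precedes the assignment of `open_err`, the same early exit now reaches `return (open_err && ...)` with an indeterminate value — undefined behaviour of exactly the class being fixed, and it can recurse into file_init with FS_OPENERR set on a path that never attempted an open. The fix belongs in the first hunk next to the pointer initialisation: `int fd = -1, exists, open_err = 0, readonly, stolen;` (drop `fd = -1` if the `err:` path, which lies outside this hunk, does not close `fd` unconditionally — that cannot be confirmed from here). While touching that line, initialise the pointer with the file's own spelling, `EXF *ep = NULL;`, since the same hunk compares `rcv_path` and `db` against `NULL` rather than `0`. The body of file_init, including the `err:` label and the `goto` in question, starts and ends outside these hunks.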