Date:      Thu, 5 Dec 2002 16:01:50 +0200
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Peter Wemm <peter@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/contrib/cvs - Imported sources
Message-ID:  <20021205140150.GA54031@sunbay.com>
In-Reply-To: <200212020313.gB23Djbp002914@repoman.freebsd.org>
References:  <200212020313.gB23Djbp002914@repoman.freebsd.org>

On Sun, Dec 01, 2002 at 07:13:45PM -0800, Peter Wemm wrote:
> peter       2002/12/01 19:13:45 PST
>
>   src/contrib/cvs - Imported sources
>   Update of /home/ncvs/src/contrib/cvs
>   In directory repoman.freebsd.org:/tmp/cvs-serv2827
>
>   Log Message:
>   Import cvs-1.11.2.1 as of 2002/12/01 onto vendor branch.  This fixes all
>   of the bugs that I know of.
>
Here's one more (with the patch attached).  The line numbers are
slightly different because I'm running with some unrelated local
patches (that add PAM support to cvs server code).

The first server_cleanup() calls ``(void) buf_flush (buf_to_net, 1);''
at its very end, and this triggers another server_cleanup() that causes
the dereference of a null pointer in the patched code fragment.

Core was generated by `cvs'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libgnuregex.so.2...done.
Reading symbols from /usr/lib/libmd.so.2...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/lib/libpam.so.1...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/lib/pam_skey.so...done.
Reading symbols from /usr/lib/libskey.so.2...done.
Reading symbols from /usr/lib/pam_unix.so...done.
Reading symbols from /usr/lib/libutil.so.3...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  buf_shutdown (buf=0x0)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/buffer.c:1208
1208	    if (buf->shutdown)
(gdb) bt
#0  buf_shutdown (buf=0x0)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/buffer.c:1208
#1  0x8088edf in server_cleanup (sig=0)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/server.c:4901
#2  0x805f1ff in error_exit ()
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/error.c:71
#3  0x805f4c7 in error (status=1, errnum=0, message=0x80acaf9 "received %s signal")
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/error.c:212
#4  0x806e4ee in main_cleanup (sig=13)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/main.c:395
#5  0x8093c20 in SIG_handle (sig=13)
    at /usr/src/gnu/usr.bin/cvs/lib/../../../../contrib/cvs/lib/sighandle.c:156
#6  0xbfbfffac in ?? ()
#7  0x804d99d in buf_send_output (buf=0x80c3040)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/buffer.c:287
#8  0x804da44 in buf_flush (buf=0x80c3040, block=1)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/buffer.c:352
#9  0x8088f6b in server_cleanup (sig=0)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/server.c:5017
#10 0x80894a2 in server (argc=1, argv=0xbfbffccc)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/server.c:5244
#11 0x806f083 in main (argc=1, argv=0xbfbffccc)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/main.c:1028
#12 0x804a6ed in _start ()


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

Index: server.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v
retrieving revision 1.17
diff -u -p -r1.17 server.c
--- server.c	2 Dec 2002 03:17:49 -0000	1.17
+++ server.c	5 Dec 2002 13:49:52 -0000
@@ -4889,11 +4889,14 @@ server_cleanup (sig)
 	 * have generated any final output, we shut down BUF_TO_NET.
 	 */
=20
-	status =3D buf_shutdown (buf_from_net);
-	if (status !=3D 0)
-	    error (0, status, "shutting down buffer from client");
-	buf_free (buf_from_net);
-	buf_from_net =3D NULL;
+	if (buf_from_net !=3D NULL)
+	{
+	    status =3D buf_shutdown (buf_from_net);
+	    if (status !=3D 0)
+		error (0, status, "shutting down buffer from client");
+	    buf_free (buf_from_net);
+	    buf_from_net =3D NULL;
+	}
     }
=20
     if (dont_delete_temp)
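
Review bot: The new "if (buf_from_net != NULL)" check makes only this one block safe to re-enter; the nested server_cleanup() still runs the rest of the function, including the BUF_TO_NET shutdown that the comment at the top of the hunk refers to, while the outer call is still inside buf_flush (buf_to_net, 1). Worth confirming that the remaining steps are equally safe on a second pass, or replacing the per-pointer check with a single re-entry flag at the top of server_cleanup() so the nested call returns at once. A short comment above the new check, saying that buf_from_net can already be NULL because a signal during the final flush re-enters this function, would also help the next reader.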

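The re-entry described in the message and visible in the backtrace (frames #9 down to #0), as an added example that is not part of the original e-mail or the cvs source: a constructed C model in which a write to a closed pipe raises SIGPIPE inside the cleanup routine and the handler calls the same routine again. `struct buf`, `cleanup_model`, `on_sigpipe` and `run_model` are hypothetical names, and letting only the outer call flush is a simplification.

```c
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed model, not cvs code: struct buf and every name here are hypothetical. */
struct buf { int fd; };
static struct buf *from_net, *to_net;
static volatile sig_atomic_t depth, shutdowns, null_on_reentry;

static void cleanup_model(void)
{
    depth++;
    if (from_net != NULL) {               /* the check the patch adds */
        shutdowns++;                      /* stands in for buf_shutdown + buf_free */
        free(from_net);
        from_net = NULL;
    } else {
        null_on_reentry++;                /* unpatched code dereferenced NULL here */
    }
    if (depth == 1 && to_net != NULL) {   /* simplification: only the outer call flushes */
        ssize_t n = write(to_net->fd, "ok\n", 3);  /* reader gone: SIGPIPE fires here */
        (void)n;
    }
    depth--;
}

static void on_sigpipe(int sig) { (void)sig; cleanup_model(); }

/* Runs one cleanup against a pipe whose reader has gone away.  Returns how
   often the nested call found from_net already NULL, or -1 if setup failed. */
int run_model(void)
{
    int p[2];
    void (*old)(int) = signal(SIGPIPE, on_sigpipe);
    if (old == SIG_ERR || pipe(p) != 0)
        return -1;
    close(p[0]);                          /* the client has disconnected */
    from_net = malloc(sizeof *from_net);
    to_net = malloc(sizeof *to_net);
    if (from_net == NULL || to_net == NULL)
        return -1;
    to_net->fd = p[1];
    depth = shutdowns = null_on_reentry = 0;
    cleanup_model();
    close(p[1]);
    free(to_net);
    to_net = NULL;
    signal(SIGPIPE, old);
    return (int)null_on_reentry;
}

int main(void) { return run_model() == 1 ? 0 : 1; }
```

The handler in this model runs synchronously inside write(), so calling free() from it is safe here; a handler that can interrupt arbitrary code may only call async-signal-safe functions.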