Date:      Sun, 2 Apr 2000 09:08:09 +0000
From:      Anatoly Vorobey <mellon@pobox.com>
To:        Bruce Evans <bde@zeta.org.au>
Cc:        freebsd-bugs@FreeBSD.ORG
Subject:   Re: bin/12242 : segmentation fault running /usr/bin/fmt
Message-ID:  <20000402090809.A57640@happy.checkpoint.com>
In-Reply-To: <Pine.BSF.4.21.0004021634270.1157-100000@alphplex.bde.org>; from bde@zeta.org.au on Sun, Apr 02, 2000 at 04:52:21PM +1000
References:  <200004020510.VAA60362@freefall.freebsd.org> <Pine.BSF.4.21.0004021634270.1157-100000@alphplex.bde.org>

On Sun, Apr 02, 2000 at 04:52:21PM +1000, Bruce Evans wrote:

> Both old_outbuf and outp are invalid after outbuf has been realloc'ed.
> Just loading them may trap.  The buffer offset should be computed
> _before_ the realloc.

Uhm, you are right. How about this? (I'm not abusing s, it's used for
the same purpose later).

--- fmt.c.orig  Sat Aug 28 01:01:18 1999
+++ fmt.c       Sun Apr  2 09:05:24 2000
@@ -443,14 +443,15 @@
 {
        register char *cp;
        register int s, t;
-
-       if (((outp==NOSTR) ? wl : outp-outbuf + wl) >= outbuf_size) {
-               char *old_outbuf = outbuf;
+        
+       s = (outp==NOSTR) ? 0 : outp-outbuf;
+ 
+       if (s + wl >= outbuf_size) {
                outbuf_size *= 2;
                outbuf = realloc(outbuf, outbuf_size);
                if (outbuf == 0)
                        abort();
-               outp += outbuf-old_outbuf;
+               outp = outbuf + s;
        }
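
Review bot: in the `if (s + wl >= outbuf_size)` branch, a single `outbuf_size *= 2` does not guarantee that `s + wl` fits afterwards; if `wl` is larger than the current `outbuf_size`, the doubled buffer is still too small. Suggest doubling in a loop, `while (s + wl >= outbuf_size) outbuf_size *= 2;`, before the `realloc`. Two smaller points: when `outp == NOSTR` and the branch is taken, `outp = outbuf + s` now sets `outp` to `outbuf` rather than leaving it at `NOSTR`, so confirm that the code after this hunk does not still test `outp` against `NOSTR`; and the added `+` line before `s = ...` contains only trailing whitespace, where the original blank line could stay.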


Thanks,
Anatoly.

-- 
Anatoly Vorobey,
mellon@pobox.com http://pobox.com/~mellon/
"Angels can fly because they take themselves lightly" - G.K.Chesterton
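
The rule from the quoted reply (take the offset before `realloc`, rebuild the pointer from it afterwards) as a stand-alone C example; this is added here and is not code from fmt.c or from the patch, and `struct obuf`, `obuf_reserve` and `obuf_append` are hypothetical names. It goes beyond the patch by growing until the request fits and by leaving the old buffer intact when allocation fails.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer; names are not from fmt.c. */
struct obuf {
    char  *base;   /* start of the allocation, or NULL */
    char  *cur;    /* next free byte, or NULL when nothing is written yet */
    size_t size;   /* bytes allocated at base */
};

/* Make room for n more bytes plus a terminating NUL.
 * Returns 0 on success, -1 on failure (old buffer and cursor untouched). */
int obuf_reserve(struct obuf *b, size_t n)
{
    /* Take the offset while base and cur still point into a live object. */
    size_t off = (b->cur == NULL) ? 0 : (size_t)(b->cur - b->base);
    size_t want = b->size ? b->size : 16;
    char *p;

    if (n > SIZE_MAX - off)
        return -1;                        /* off + n would wrap */
    if (b->base != NULL && off + n < b->size) {
        if (b->cur == NULL) b->cur = b->base;
        return 0;                         /* already fits */
    }
    while (off + n >= want) {             /* one doubling may not be enough */
        if (want > SIZE_MAX / 2)
            return -1;
        want *= 2;
    }
    p = realloc(b->base, want);           /* b->base stays valid if this fails */
    if (p == NULL)
        return -1;
    b->base = p;
    b->size = want;
    b->cur = p + off;                     /* rebuilt from the offset only */
    return 0;
}

/* Append n bytes of src, growing the buffer as needed. */
int obuf_append(struct obuf *b, const char *src, size_t n)
{
    if (obuf_reserve(b, n) != 0)
        return -1;
    memcpy(b->cur, src, n);
    b->cur += n;
    *b->cur = '\0';                       /* room guaranteed by the >= test */
    return 0;
}
```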

