From owner-freebsd-bugs Sat Apr 1 23: 6:55 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from happy.checkpoint.com (kinata.checkpoint.com [199.203.156.41])
	by hub.freebsd.org (Postfix) with ESMTP id 7FDA337B51A
	for ; Sat, 1 Apr 2000 23:06:49 -0800 (PST)
	(envelope-from mellon@pobox.com)
Received: (from mellon@localhost)
	by happy.checkpoint.com (8.9.3/8.9.3) id JAA57722;
	Sun, 2 Apr 2000 09:08:09 GMT
	(envelope-from mellon@pobox.com)
Date: Sun, 2 Apr 2000 09:08:09 +0000
From: Anatoly Vorobey
To: Bruce Evans
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/12242 : segmentation fault running /usr/bin/fmt
Message-ID: <20000402090809.A57640@happy.checkpoint.com>
References: <200004020510.VAA60362@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from bde@zeta.org.au on Sun, Apr 02, 2000 at 04:52:21PM +1000
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Apr 02, 2000 at 04:52:21PM +1000, Bruce Evans wrote:

> Both old_outbuf and outp are invalid after outbuf has been realloc'ed.
> Just loading them may trap. The buffer offset should be computed
> _before_ the realloc.

Uhm, you are right. How about this? (I'm not abusing s, it's used for
the same purpose later).

--- fmt.c.orig Sat Aug 28 01:01:18 1999 +++ fmt.c Sun Apr 2 09:05:24 2000 @@ -443,14 +443,15 @@ { register char *cp; register int s, t; - - if (((outp==NOSTR) ? wl : outp-outbuf + wl) >= outbuf_size) { - char *old_outbuf = outbuf; + + s = (outp==NOSTR) ? 0 : outp-outbuf; + + if (s + wl >= outbuf_size) { outbuf_size *= 2; outbuf = realloc(outbuf, outbuf_size); if (outbuf == 0) abort(); - outp += outbuf-old_outbuf; + outp = outbuf + s; }

Thanks,
Anatoly.

-- 
Anatoly Vorobey, mellon@pobox.com http://pobox.com/~mellon/
"Angels can fly because they take themselves lightly" - G.K.Chesterton
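
Review bot: The growth branch under `if (s + wl >= outbuf_size)` doubles `outbuf_size` exactly once, so when `wl` is large enough that `s + wl` is still at or above the doubled size, the buffer remains too small for the word after the realloc. Suggest looping the doubling, `while (s + wl >= outbuf_size) outbuf_size *= 2;`, and then calling `realloc` once, with a guard against `outbuf_size` overflowing. Saving the offset in `s` before the realloc and rebuilding `outp = outbuf + s` afterwards addresses the stale-pointer problem, but note the side effect: when `outp` was `NOSTR` on entry, this branch now leaves it equal to `outbuf` instead of `NOSTR`, so any code after the hunk that tests `outp == NOSTR` should be checked. `s` is also a `register int` receiving a pointer difference, which is worth a comment or a wider type.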