Date: Wed, 28 Jan 2015 19:41:47 +1100 (EST) From: Bruce Evans <brde@optusnet.com.au> To: "Pedro F. Giffuni" <pfg@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r277802 - head/usr.bin/sed Message-ID: <20150128190500.T1832@besplex.bde.org> In-Reply-To: <201501271858.t0RIwO3n096590@svn.freebsd.org> References: <201501271858.t0RIwO3n096590@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 27 Jan 2015, Pedro F. Giffuni wrote: > Log: > Fix resource leak and dereference after NULL. > > process.c: > Protect access against NULL. > > main.c: > Prevent outfile overwrite resource leak. > ... > Modified: head/usr.bin/sed/main.c > ============================================================================== > --- head/usr.bin/sed/main.c Tue Jan 27 18:56:46 2015 (r277801) > +++ head/usr.bin/sed/main.c Tue Jan 27 18:58:24 2015 (r277802) > @@ -411,6 +411,8 @@ mf_fgets(SPACE *sp, enum e_spflag spflag > unlink(tmpfname); > if ((outfile = fopen(tmpfname, "w")) == NULL) > err(1, "%s", fname); > + if (outfile != NULL && outfile != stdout) > + fclose(outfile); > fchown(fileno(outfile), sb.st_uid, sb.st_gid); > fchmod(fileno(outfile), sb.st_mode & ALLPERMS); > outfname = tmpfname; This is mismerged at best. It just breaks the new outfile by closing it. The check in it makes no sense in this contents, since the freshly-opened outfile cannot be NULL (since the open succeeded) or stdout (fopen() cannot return a pointer to an already-open stream, so it can only return stdout if the stdout pointer is garbage, but then it is not really stdout). Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150128190500.T1832>