git: 25a33bfe9ce2 - main - ee: Fix use of uninitialised pointer in ispell_op
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 02 Jun 2024 22:55:47 UTC
The branch main has been updated by jrtc27:
URL: https://cgit.FreeBSD.org/src/commit/?id=25a33bfe9ce2b55812201f475e9d3e64009b40dc
commit 25a33bfe9ce2b55812201f475e9d3e64009b40dc
Author: Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2024-06-02 22:53:09 +0000
Commit: Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2024-06-02 22:53:09 +0000
ee: Fix use of uninitialised pointer in ispell_op
This used to be name = mktemp followed by fd = open downstream,
replacing upstream's crude PID-based sprintf, but in 1.4.7 this was
changed upstream to this buggy code, which we then picked up in the
1.5.0 import. Presumably nobody's actually used ee's ispell function
in the past 15 years; that or it's just ended up using junk file names
as temporary files if name's happened to be a valid address to something
that can be interpreted as a string.
Reported by: Dapeng Gao <dapeng.gao@cl.cam.ac.uk>
Fixes: 96b676e99984 ("Update ee(1) in the base system to version 1.5.0.")
MFC after: 1 week
---
contrib/ee/ee.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/ee/ee.c b/contrib/ee/ee.c
index 072d26519f4c..5576537f3fad 100644
--- a/contrib/ee/ee.c
+++ b/contrib/ee/ee.c
@@ -4431,6 +4431,7 @@ ispell_op(void)
}
(void)sprintf(template, "/tmp/ee.XXXXXXXX");
fd = mkstemp(template);
+ name = template;
if (fd < 0) {
wmove(com_win, 0, 0);
wprintw(com_win, create_file_fail_msg, name);