git: 10e602164f02 - stable/14 - ee: Fix use of uninitialised pointer in ispell_op
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 07 Sep 2024 01:48:03 UTC
The branch stable/14 has been updated by jrtc27:
URL: https://cgit.FreeBSD.org/src/commit/?id=10e602164f0281d5f5dfea9ebf2b29fba4a716bc
commit 10e602164f0281d5f5dfea9ebf2b29fba4a716bc
Author: Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2024-06-02 22:53:09 +0000
Commit: Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2024-09-07 00:01:06 +0000
ee: Fix use of uninitialised pointer in ispell_op
This used to be name = mktemp followed by fd = open downstream,
replacing upstream's crude PID-based sprintf, but in 1.4.7 this was
changed upstream to this buggy code, which we then picked up in the
1.5.0 import. Presumably nobody's actually used ee's ispell function
in the past 15 years; that or it's just ended up using junk file names
as temporary files if name's happened to be a valid address to something
that can be interpreted as a string.
Reported by: Dapeng Gao <dapeng.gao@cl.cam.ac.uk>
Fixes: 96b676e99984 ("Update ee(1) in the base system to version 1.5.0.")
MFC after: 1 week
(cherry picked from commit 25a33bfe9ce2b55812201f475e9d3e64009b40dc)
---
contrib/ee/ee.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/ee/ee.c b/contrib/ee/ee.c
index 2f122981dbe7..a14f9c0ead13 100644
--- a/contrib/ee/ee.c
+++ b/contrib/ee/ee.c
@@ -4431,6 +4431,7 @@ ispell_op(void)
}
(void)sprintf(template, "/tmp/ee.XXXXXXXX");
fd = mkstemp(template);
+ name = template;
if (fd < 0) {
wmove(com_win, 0, 0);
wprintw(com_win, create_file_fail_msg, name);