bin/59995: various fixes to ppp dumping core
Brian Somers
brian at FreeBSD.org
Mon Oct 11 03:17:28 PDT 2004
On Wed, 6 Oct 2004 06:04:21 GMT, Gleb Smirnoff <glebius at FreeBSD.org> wrote:
> Synopsis: various fixes to ppp dumping core
>
> Responsible-Changed-From-To: freebsd-bugs->brian
> Responsible-Changed-By: glebius
> Responsible-Changed-When: Wed Oct 6 06:03:18 GMT 2004
> Responsible-Changed-Why:
> Over to ppp(8) maintainer.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=59995
As already suggested, free(NULL) is ok to do, so no patch to chap.c is
necessary.
The proposed patch to command.c is wrong.
Consider
subst("hello world!", "world", "universe")
The line
ntgt = realloc(tgt, ltgt += lnewstr - loldstr);
allocates 16 bytes (13 + 8 - 5). The lines
if (lnewstr > loldstr)
bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr);
copy the end of the string ("!\000"):
bcopy(word + 5, word + 8, 2)
With the command.c patch this would become
bcopy(word + 5, word + 8, -1)
The proposed patch to ncp.c has already been fixed in -current to support
WARNS=3.
--
Brian <brian at Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
More information about the freebsd-bugs
mailing list