kern/140386: segfault in fmtmsg(3) with MM_NULLACT

soulcatcher soulcatcher13 at gmail.com
Sun Nov 8 12:20:04 UTC 2009


>Number:         140386
>Category:       kern
>Synopsis:       segfault in fmtmsg(3) with MM_NULLACT
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 08 12:20:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     soulcatcher
>Release:        FreeBSD 7.2-STABLE
>Organization:
>Environment:
FreeBSD xxx.org 7.2-STABLE FreeBSD 7.2-STABLE #4: Sun Oct  4 19:58:35 UTC 2009     xxx.org:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
obvious bug in /usr/src/lib/libc/gen/fmtmsg.c

>How-To-Repeat:
#include <fmtmsg.h>

int main(int argc, char * argv[])
{
    fmtmsg(MM_UTIL | MM_PRINT, "BSD:ls", MM_ERROR,
            "illegal option -- z", MM_NULLACT, "BSD:ls:001");
    return 0;
}

gcc main.c
./a.out dumps core

>Fix:


Patch attached with submission follows:

--- fmtmsg.c.bak	2009-11-08 15:01:29.000000000 +0300
+++ fmtmsg.c	2009-11-08 15:09:08.000000000 +0300
@@ -128,7 +128,7 @@
 		size += strlen(sevname);
 	if (text != MM_NULLTXT)
 		size += strlen(text);
-	if (text != MM_NULLACT)
+	if (act != MM_NULLACT)
 		size += strlen(act);
 	if (tag != MM_NULLTAG)
 		size += strlen(tag);
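
Review bot: The commit message should cover both failure modes of the old `if (text != MM_NULLACT)` test guarding `size += strlen(act);`, not only the reported crash. With `text` set and `act` equal to MM_NULLACT, strlen() was called on the null action pointer, which is the segfault in How-To-Repeat; with `text` equal to MM_NULLTXT and `act` set, the action's length was left out of `size`, so the total was undercounted. The one-word change to `act != MM_NULLACT` fixes both. A regression test that calls fmtmsg() with each of text, action and tag passed as its MM_NULL* value in turn would catch another copy-paste slip in this run of near-identical checks.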


>Release-Note:
>Audit-Trail:
>Unformatted:

