[findutils-4.5.2] NULL pointer dereferencing, and a trivial patch
From: Nelson H. F. Beebe
Subject: [findutils-4.5.2] NULL pointer dereferencing, and a trivial patch
Date: Fri, 12 Sep 2008 14:07:14 -0600 (MDT)
Yesterday, I installed findutils-4.5.2 on about 25 flavors of Unix
in our labs. Today, we found that it gets a segment violation
on Sun Solaris SPARC, easily replicated like this:
find ~/.cshrc -printf '%TY'
The backtrace of the core dump shows
#0 0xff209678 in doformat () from /lib/libc.so.1
#1 0xff209710 in strftime () from /lib/libc.so.1
#2 0x0001734c in format_date (ts={tv_sec = 1221016463, tv_nsec = 381255880},
kind=89) at pred.c:2097
#3 0x000180a0 in pred_fprintf (pathname=0x59778 "ThingsToDo",
stat_buf=0xffbff5e0, pred_ptr=0x59268) at pred.c:1108
#4 0x0001b044 in apply_predicate (pathname=0x59778 "ThingsToDo",
stat_buf=0xffbff5e0, p=0x59268) at util.c:988
#5 0x00016dd8 in pred_and (pathname=0x59778 "ThingsToDo",
stat_buf=0xffbff5e0, pred_ptr=0x59188) at pred.c:327
#6 0x0001b044 in apply_predicate (pathname=0x59778 "ThingsToDo",
stat_buf=0xffbff5e0, p=0x59188) at util.c:988
#7 0x00015430 in find (arg=<value optimized out>) at ftsfind.c:237
#8 0x00015674 in main (argc=<value optimized out>, argv=<value optimized out>)
at ftsfind.c:637
The installation tests did not catch this error: all of them passed.
I made this trivial patch:
% diff -c find/pred.c.~1~ find/pred.c
*** find/pred.c.~1~ Sat Jun 21 06:02:51 2008
--- find/pred.c Fri Sep 12 14:00:31 2008
***************
*** 2073,2078 ****
--- 2073,2083 ----
boolean done = false;
struct tm altered_time;
+ if (buf_size == 0u)
+ {
+ buf_size = 1024u;
+ buf = xmalloc(buf_size);
+ }
/* If the format expands to nothing (%p in some locales, for
* example), strftime can return 0. We actually want to distinguish
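Review bot: the added guard `if (buf_size == 0u)` keys on the size, while the value that must not be NULL is `buf`; test `buf == NULL` (or both) so the check covers the pointer itself and cannot be bypassed by a state where the size is non-zero but the buffer was never allocated. The literal `1024u` should be a named constant with a one-line comment explaining that it is only an initial size. The context comment just below says strftime can return 0, so it is worth confirming that the code after this block grows the buffer on a short return rather than relying on 1 KB being enough.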
This may not logically be the desired thing (e.g., a 1KB size is
arbitrary), but it allows the simple test to complete correctly, and
prevents a NULL pointer being passed to strftime().
I've reinstalled this patched version on our Solaris SPARC systems and
we'll see if further problems arise.
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: address@hidden -
- 155 S 1400 E RM 233 address@hidden address@hidden -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
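The following C sketch is an added example, not part of the original message and not findutils code. It shows one way to keep a lazily allocated date buffer from ever reaching strftime() as NULL, and to tell an empty expansion apart from a too-small buffer, which is the ambiguity the patch's context comment mentions. The names `format_tm` and `MAX_DATE_BUF`, the `_` sentinel and the initial size of 16 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_DATE_BUF (1u << 16)   /* assumed upper bound for this sketch */

/* Hypothetical helper, not findutils code. Returns a pointer into a
 * static, lazily allocated buffer, or NULL on allocation failure. */
static const char *format_tm(const char *fmt, const struct tm *tm)
{
    static char *buf = NULL;      /* NULL until first use, as in the crash */
    static size_t buf_size = 0;
    size_t flen = strlen(fmt);
    char *guarded = malloc(flen + 2);

    if (guarded == NULL)
        return NULL;
    /* Sentinel prefix: successful output is never empty, so a 0 return
     * from strftime() can only mean "buffer too small". */
    guarded[0] = '_';
    memcpy(guarded + 1, fmt, flen + 1);

    for (;;) {
        if (buf != NULL) {        /* strftime() never sees a NULL buffer */
            size_t n = strftime(buf, buf_size, guarded, tm);
            if (n > 0) {
                free(guarded);
                return buf + 1;   /* skip the sentinel */
            }
        }
        size_t new_size = buf_size ? buf_size * 2 : 16;
        char *p = new_size <= MAX_DATE_BUF ? realloc(buf, new_size) : NULL;
        if (p == NULL) {
            free(guarded);
            return NULL;
        }
        buf = p;
        buf_size = new_size;
    }
}

int main(void)
{
    struct tm tm = {0};
    tm.tm_year = 108; tm.tm_mon = 8; tm.tm_mday = 12;   /* constructed date */
    printf("[%s]\n", format_tm("%Y", &tm));
    return 0;
}
```

The returned pointer is only valid until the next call, because the static buffer is reused and may be reallocated.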