bug-texinfo
Segfault in makeinfo in GNU texinfo-4.3 package (fix included)


From: Ronald F. Guilmette
Subject: Segfault in makeinfo in GNU texinfo-4.3 package (fix included)
Date: Tue, 26 Nov 2002 01:08:04 -0800

I have been experiencing segmentation faults in makeinfo for quite a
long time now... over a year.  Please see:

    http://www.freebsd.org/cgi/query-pr.cgi?pr=45598

for more info.

Anyway, I finally got off my ass and tracked down the root cause of
these crashes.

Quite simply, there are cases where the code on line 337 of the makeinfo
index.c file, i.e.:

    undefindex (name_index_alist[i]->name);

gets executed when name_index_alist[i] has a NULL value.  And dereferencing
a NULL is a very Bad Idea.

You can tell that the code fully _expects_ that name_index_alist[i] will
have a NULL value, in some cases, at this point in the code, just by looking
at the next following code line, which reads:

    if (name_index_alist[i])

Obviously, it *is* possible for name_index_alist[i] to have a NULL value,
right around this point in the code, and indeed, that condition is even
expected.  The problem is that we are dereferencing that value (on line 337)
before we have checked to see if the value is NULL or not.  (If it is NULL,
then we definitely DO NOT want to perform the dereference.)

A suitable (and trivial, and obvious) patch for this error is provided below.
All that is needed is to move the dereferencing statement to a point
_after_ we have checked if the value of name_index_alist[i] is NULL
or not.


diff -rc2 src/4.3/makeinfo/index.c build/4.3/makeinfo/index.c
*** src/4.3/makeinfo/index.c    Thu Nov  7 14:16:20 2002
--- build/4.3/makeinfo/index.c  Tue Nov 26 00:53:39 2002
***************
*** 335,339 ****
    for (i = 0; i < defined_indices; i++)
      {
-       undefindex (name_index_alist[i]->name);
        if (name_index_alist[i])
          { /* Suppose we're called with two input files, and the first
--- 335,338 ----
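Review bot: Deleting the unguarded `undefindex (name_index_alist[i]->name);` is the right fix for the NULL dereference, but taken alone this hunk drops the undefindex call for every index; it only stays correct together with the second hunk, which re-adds the call inside the `if (name_index_alist[i])` block. Apply both hunks as one change, and do not commit this one on its own, or defined indices will have their names freed without ever being undefined.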
***************
*** 343,346 ****
--- 342,346 ----
               here; otherwise, when we try to define the pg index again
               just below, it will still point to cp.  */
+           undefindex (name_index_alist[i]->name);
            free (name_index_alist[i]->name);
            free (name_index_alist[i]);
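Review bot: The ordering in this hunk matters and is correct: `undefindex (name_index_alist[i]->name);` now runs before `free (name_index_alist[i]->name);`, so the name pointer is still valid when undefindex receives it. Keep that order if this block is touched again, since swapping the two lines would replace the NULL dereference with a use-after-free. A ChangeLog entry for makeinfo/index.c describing the move would complete the patch.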
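The loop above boils down to one ordering rule: test the slot for NULL before touching it, and undefine the index while its name is still allocated. The following C program is an added example written for this page, not code from texinfo or from the report; `struct index_elt`, `cleanup_unsafe`, `cleanup_safe`, `make_elt`, `run_demo` and the counting stub `undefindex` are all assumed names that model the makeinfo loop rather than reproduce it. It builds a small alist with a NULL hole, as the report says happens between input files, and runs only the corrected ordering over it.

```c
/* Added example (not texinfo's code): a model of the makeinfo index.c
   cleanup loop.  cleanup_unsafe() keeps the texinfo-4.3 ordering the
   report describes (dereference before the NULL check); cleanup_safe()
   keeps the patched ordering.  All names here are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct index_elt {          /* stands in for makeinfo's index record */
    char *name;
};

/* Stand-in for undefindex(): only counts how many names were undefined. */
static int undefined_count;
static void undefindex(const char *name)
{
    (void)name;
    undefined_count++;
}

/* Texinfo-4.3 ordering: dereferences every slot, NULL ones included,
   before the guard.  Kept only for comparison; never call it with a NULL
   slot, because that is exactly the segfault the report describes. */
static void cleanup_unsafe(struct index_elt **alist, int n)
{
    for (int i = 0; i < n; i++) {
        undefindex(alist[i]->name);      /* crashes when alist[i] == NULL */
        if (alist[i]) {
            free(alist[i]->name);
            free(alist[i]);
            alist[i] = NULL;
        }
    }
}

/* Patched ordering: guard first, undefine while the name is still
   allocated, then free.  Returns the number of slots actually cleaned. */
static int cleanup_safe(struct index_elt **alist, int n)
{
    int cleaned = 0;
    for (int i = 0; i < n; i++) {
        if (alist[i]) {
            undefindex(alist[i]->name);  /* before free: name still valid */
            free(alist[i]->name);
            free(alist[i]);
            alist[i] = NULL;
            cleaned++;
        }
    }
    return cleaned;
}

/* Constructed record; name is copied so the caller can free it. */
static struct index_elt *make_elt(const char *name)
{
    struct index_elt *e = malloc(sizeof *e);
    e->name = malloc(strlen(name) + 1);
    strcpy(e->name, name);
    return e;
}

/* Constructed alist with a NULL hole in the middle, as happens after a
   first input file has released one of its indices.  Returns the number
   of slots cleanup_safe() handled; undefined_count ends up equal to it. */
int run_demo(void)
{
    struct index_elt *alist[3];
    alist[0] = make_elt("cp");
    alist[1] = NULL;                     /* constructed: already released */
    alist[2] = make_elt("pg");
    undefined_count = 0;
    return cleanup_safe(alist, 3);       /* cleanup_unsafe() would crash here */
}

int main(void)
{
    int cleaned = run_demo();
    printf("cleaned %d slots, undefined %d names\n", cleaned, undefined_count);
    (void)cleanup_unsafe;                /* shown for comparison, not run */
    return 0;
}
```

Running it reports two cleaned slots and two undefined names; the NULL slot in the middle is skipped instead of dereferenced, which is the whole content of the patch.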



