stu@jpusa1.UUCP (Stu Heiss) (02/05/88)
I've been getting an occasional core dump from rnews -U (patchlevel 14) and tracked down a problem in control.c. In c_cancel() there is a while loop that parses space separated tokens (pathnames) from the history. The loop does not terminate properly as there is no test for a null pointer at the bottom of the loop before incrementing past the possibly non-existent space. RCS file: RCS/control.c,v retrieving revision 1.1 diff -c -r1.1 control.c *** /tmp/,RCSt1a19990 Thu Feb 4 10:35:27 1988 --- control.c Thu Feb 4 09:22:53 1988 *************** *** 690,695 } (void) unlink(nfilename); p = q+1; } #endif /* !NFSCLIENT */ --- 690,697 ----- } (void) unlink(nfilename); + if (!q) + break; p = q+1; } #endif /* !NFSCLIENT */ -- Stu Heiss {spl1,gargoyle,ihnp4}!jpusa1!stu
rees@apollo.uucp (Jim Rees) (02/08/88)
This fix is also required if you are running C expire. I fixed it a little bit differently: *************** *** 657,663 **** #endif /* ORGDISTRIB */ STRCMP(header.distribution, "local") == 0)) su = 1; ! while (*p) { q = index(p, ' '); if (q) *q = '\0'; --- 680,686 ---- #endif /* ORGDISTRIB */ STRCMP(header.distribution, "local") == 0)) su = 1; ! while (q && *p) { q = index(p, ' '); if (q) *q = '\0';