stu@jpusa1.UUCP (Stu Heiss) (02/05/88)
I've been getting an occasional core dump from rnews -U (patchlevel 14) and tracked down a problem in control.c. In c_cancel() there is a while loop that parses space separated tokens (pathnames) from the history. The loop does not terminate properly as there is no test for a null pointer at the bottom of the loop before incrementing past the possibly non-existent space. RCS file: RCS/control.c,v retrieving revision 1.1 diff -c -r1.1 control.c *** /tmp/,RCSt1a19990 Thu Feb 4 10:35:27 1988 --- control.c Thu Feb 4 09:22:53 1988 *************** *** 690,695 } (void) unlink(nfilename); p = q+1; } #endif /* !NFSCLIENT */ --- 690,697 ----- } (void) unlink(nfilename); + if (!q) + break; p = q+1; } #endif /* !NFSCLIENT */ -- Stu Heiss {spl1,gargoyle,ihnp4}!jpusa1!stu
rees@apollo.uucp (Jim Rees) (02/08/88)
This fix is also required if you are running C expire. I fixed it
a little bit differently:
***************
*** 657,663 ****
#endif /* ORGDISTRIB */
STRCMP(header.distribution, "local") == 0))
su = 1;
! while (*p) {
q = index(p, ' ');
if (q)
*q = '\0';
--- 680,686 ----
#endif /* ORGDISTRIB */
STRCMP(header.distribution, "local") == 0))
su = 1;
! while (q && *p) {
q = index(p, ' ');
if (q)
*q = '\0';