john@inthap.UUCP (02/27/87)
Here is the description and fix for a bug in the new 'l' and 'L' commands added to news 2.11 by patch #3. The bug is in the list_group routine in file rfuncs.c Patch #3 adds the new vnews 'L' and 'l' commands, but contains a bug. Variable lg_array is a static pointing to a data area used by procedure list_group. The first time list_group is called lg_array is null and space for it is malloced. At the end of list_group, lg_array is freed but the pointer is not set back to null. On the next call to list_group, lg_array is NOT null and no space is allocated causing the heap to be over written by lg_array. The fix is obvious, either take out the call to free at the end of list_group or remove the test for lg_array = null from around the malloc of lg_array at the start of list_group. -- John Casey Intel Corporation (516) 231-3300 oliveb!intelca!intsc! \ bellcore!motown!mergvax! >inthap!john philabs!polycatt!polyof! /