gww@beatnix.UUCP (Gary Winiger) (03/13/88)
Subject: mt dereferences a null pointer when printing register status +FIX Index: bin/mt.c 4.3BSD +Fix Description: When the status command is used for a tape type with a null field for dsbits or erbits, a null pointer will be dereferenced. Repeat-By: On a system which does not permit dereferencing a null pointer run: mt -f /dev/<device where dsbits or erbits is null> status Take a core dump. Fix: Place a guard before dereferencing the null pointer. The attached code solves this problem at Elxsi. Gary.. {ucbvax!sun,lll-lcc!lll-tis,amdahl!altos86,bridge2}!elxsi!gww --------- cut --------- snip --------- :.,$w diff ------------- *** /tmp/,RCSt1014570 Tue Dec 15 16:53:33 1987 --- /tmp/,RCSt2014570 Tue Dec 15 16:53:34 1987 *************** *** 1,5 **** --- 1,8 ---- /* * $Log: mt.c,v $ + * Revision 1.2 87/12/15 16:53:02 gww + * Prevent dereference of null pointer. + * * Revision 1.1 86/12/17 18:14:20 gww * Initial revision * *************** *** 17,23 **** #endif not lint #ifndef lint ! static char *ERcsId = "$Header: mt.c,v 1.1 86/12/17 18:14:20 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)mt.c 5.1 (Berkeley) 4/30/85"; #endif not lint --- 20,26 ---- #endif not lint #ifndef lint ! static char *ERcsId = "$Header: mt.c,v 1.2 87/12/15 16:53:02 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)mt.c 5.1 (Berkeley) 4/30/85"; #endif not lint *************** *** 179,185 **** printf("%s=%o", s, v); else printf("%s=%x", s, v); ! bits++; if (v && bits) { putchar('<'); while (i = *bits++) { --- 182,189 ---- printf("%s=%o", s, v); else printf("%s=%x", s, v); ! if (bits) ! bits++; if (v && bits) { putchar('<'); while (i = *bits++) {