gww@marduk.UUCP (Gary Winiger) (09/05/87)
Subject: Learn dereferences null pointers and doesn't always clear EOF. +Fix
Index: usr.bin/learn 4.3BSD +Fix
Description:
Procedure action can return a null. This is dereferenced before it
is checked for.
Procedure scopy is called many places with a NULL parameter. This
is dereferenced before it is checked.
In both copy.c and selsub.c an EOF condition can be encountered
and is not reset before rereading the same file.
Repeat-By:
Having a machine that will not accept null pointers.
Having users type ^D at unexpected places.
Fix:
The attached code resolves these problems at Elxsi.
Gary..
{ucbvax!sun,lll-lcc!lll-tis,amdahl!altos86,bridge2}!elxsi!gww
--------- cut --------- snip --------- :.,$w diff -------------
*** /tmp/,RCSt1001152 Tue Dec 30 14:37:13 1986
--- copy.c Tue Dec 30 14:36:53 1986
***************
*** 1,11 ****
/*
* $Log: copy.c,v $
* Revision 1.1 86/12/30 14:15:54 gww
* Initial revision
*
*/
#ifndef lint
! static char *ERcsId = "$Header: copy.c,v 1.1 86/12/30 14:15:54 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)copy.c 4.3 (Berkeley) 5/15/86";
#endif not lint
--- 1,15 ----
/*
* $Log: copy.c,v $
+ * Revision 1.2 86/12/30 14:36:21 gww
+ * Stop dereferencing null pointers.
+ * Stop looping on EOF from user.
+ *
* Revision 1.1 86/12/30 14:15:54 gww
* Initial revision
*
*/
#ifndef lint
! static char *ERcsId = "$Header: copy.c,v 1.2 86/12/30 14:36:21 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)copy.c 4.3 (Berkeley) 5/15/86";
#endif not lint
***************
*** 56,62 ****
}
r = wordb(s, t); /* t = first token, r = rest */
p = action(t); /* p = token class */
! if (*p == ONCE) { /* some actions done only once per script */
if (wrong && !review) { /* we are on 2nd time */
scopy(fin, NULL);
continue;
--- 60,67 ----
}
r = wordb(s, t); /* t = first token, r = rest */
p = action(t); /* p = token class */
! if (p != 0 && *p == ONCE) {
! /* some actions done only once per script */
if (wrong && !review) { /* we are on 2nd time */
scopy(fin, NULL);
continue;
***************
*** 245,252 ****
}
if (fgets(s, 100,f))
return(1);
! else
return(0);
}
trim(s)
--- 250,259 ----
}
if (fgets(s, 100,f))
return(1);
! else {
! clearerr(f);
return(0);
+ }
}
trim(s)
***************
*** 272,278 ****
if (c == '\n')
break;
if (c == EOF) {
! fflush(fo);
return;
}
if (fo != NULL)
--- 279,286 ----
if (c == '\n')
break;
if (c == EOF) {
! if (fo != NULL)
! fflush(fo);
return;
}
if (fo != NULL)
***************
*** 288,294 ****
}
if (c == '#')
ungetc(c, fi);
! fflush(fo);
}
cmp(r) /* compare two files for status; #cmp f1 f2 [ firstnlinesonly ] */
--- 296,303 ----
}
if (c == '#')
ungetc(c, fi);
! if (fo != NULL)
! fflush(fo);
}
cmp(r) /* compare two files for status; #cmp f1 f2 [ firstnlinesonly ] */
*** /tmp/,RCSt1001135 Tue Dec 30 14:34:56 1986
--- selsub.c Tue Dec 30 14:34:31 1986
***************
*** 1,11 ****
/*
* $Log: selsub.c,v $
* Revision 1.1 86/12/30 14:16:15 gww
* Initial revision
*
*/
#ifndef lint
! static char *ERcsId = "$Header: selsub.c,v 1.1 86/12/30 14:16:15 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)selsub.c 4.3 (Berkeley) 5/15/86";
#endif not lint
--- 1,14 ----
/*
* $Log: selsub.c,v $
+ * Revision 1.2 86/12/30 14:34:02 gww
+ * Stop loop on EOF from user.
+ *
* Revision 1.1 86/12/30 14:16:15 gww
* Initial revision
*
*/
#ifndef lint
! static char *ERcsId = "$Header: selsub.c,v 1.2 86/12/30 14:34:02 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)selsub.c 4.3 (Berkeley) 5/15/86";
#endif not lint
***************
*** 84,89 ****
--- 87,93 ----
if (sname[0] == '\0') {
list("Xinfo");
do {
+ clearerr(stdin);
printf("\nWhich subject? ");
fflush(stdout);
gets(sname=subname);