Subject: bin/33699: segfault in ed (patch)
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <hypnosses@pulltheplug.org>
List: netbsd-bugs
Date: 06/11/2006 04:30:00
>Number: 33699
>Category: bin
>Synopsis: segfault in ed (patch)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jun 11 04:30:00 +0000 2006
>Originator: Kevin Massey
>Release:
>Organization:
None
>Environment:
>Description:
ed segfaults with large string
>How-To-Repeat:
ed `perl -e 'print "a" x 999'`
>Fix:
Index: main.c
===================================================================
RCS file: /cvsroot/src/bin/ed/main.c,v
retrieving revision 1.17
diff -u -r1.17 main.c
--- main.c 26 Jun 2005 19:10:49 -0000 1.17
+++ main.c 9 Jun 2006 19:25:03 -0000
@@ -177,7 +177,7 @@
if (read_file(*argv, 0) < 0 && !isatty(0))
quit(2);
else if (**argv != '!')
- strcpy(old_filename, *argv);
+ strlcpy(old_filename, *argv, MAXPATHLEN - 1);
} else if (argc) {
fputs("?\n", stderr);
if (**argv == '\0')
@@ -510,7 +510,7 @@
return ERR;
else if (open_sbuf() < 0)
return FATAL;
- if (*fnp && *fnp != '!') strcpy(old_filename, fnp);
+ if (*fnp && *fnp != '!') strlcpy(old_filename, fnp,
MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");
@@ -537,7 +537,7 @@
return ERR;
}
GET_COMMAND_SUFFIX();
- if (*fnp) strcpy(old_filename, fnp);
+ if (*fnp) strlcpy(old_filename, fnp, MAXPATHLEN - 1);
printf("%s\n", strip_escapes(old_filename));
break;
case 'g':
@@ -668,7 +668,7 @@
GET_COMMAND_SUFFIX();
if (!isglobal) clear_undo_stack();
if (*old_filename == '\0' && *fnp != '!')
- strcpy(old_filename, fnp);
+ strlcpy(old_filename, fnp, MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");
@@ -802,7 +802,7 @@
return ERR;
GET_COMMAND_SUFFIX();
if (*old_filename == '\0' && *fnp != '!')
- strcpy(old_filename, fnp);
+ strlcpy(old_filename, fnp,MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");