Subject: bin/7887: savecore dumps core if bounds unwriteable
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ronald@chersonese.com>
List: netbsd-bugs
Date: 07/01/1999 01:36:54
>Number:         7887
>Category:       bin
>Synopsis:       bogus fclose() in src/sbin/savecore/savecore.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul  1 01:35:01 1999
>Last-Modified:
>Originator:     Ronald Khoo
>Organization:
	Tea & biscuits
>Release:        as per uname below
>Environment:
	
System: NetBSD leek.chersonese.com 1.4D NetBSD 1.4D (LEEK) #0: Thu Jul 1 15:33:41 MYT 1999 root@leek.chersonese.com:/usr/src/sys/arch/i386/compile/LEEK i386


>Description:
At line 425 of src/sbin/savecore/savecore.c, there is an fclose()
that should not be there.  Look at the previous lines and see
that fclose() will either be passed an already-closed fp (bogus)
or NULL (which gets you a SIGSEGV).

        if ((fp = fopen(path, "w")) == NULL)
                syslog(LOG_ERR, "%s: %m", path);
        else {
                (void)fprintf(fp, "%d\n", bounds + 1);
                (void)fclose(fp);
        }
        (void)fclose(fp);

>How-To-Repeat:
	put a coredump on your dump device with halt -d
	boot -s and run savecore into a readonly /var/crash
	note that savecore gets a SIGSEGV

>Fix:
	remove the fclose() at line 425.
>Audit-Trail:
>Unformatted:
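
The following is an added example, not part of the original report and not the NetBSD source. It shows the pattern the report's fix leads to: one fclose() per successful fopen(), and an early return when the open fails. The helper names `write_bounds` and `read_bounds`, the use of stderr instead of syslog(), and both paths are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from savecore.c): record bounds + 1 in `path`.
 * Returns 0 on success, -1 if the file could not be opened or written. */
int write_bounds(const char *path, int bounds)
{
    FILE *fp = fopen(path, "w");
    int rc = 0;

    if (fp == NULL) {
        /* Read-only or missing directory: report and return, fp is never used. */
        fprintf(stderr, "%s: %s\n", path, strerror(errno));
        return -1;
    }
    if (fprintf(fp, "%d\n", bounds + 1) < 0)
        rc = -1;
    /* Exactly one fclose() per successful fopen(); a failed flush shows up here. */
    if (fclose(fp) == EOF)
        rc = -1;
    if (rc != 0)
        fprintf(stderr, "%s: write failed\n", path);
    return rc;
}

/* Hypothetical helper: read the stored value back, or -1 if unreadable. */
int read_bounds(const char *path)
{
    FILE *fp = fopen(path, "r");
    int value = -1;

    if (fp == NULL)
        return -1;
    if (fscanf(fp, "%d", &value) != 1)
        value = -1;
    fclose(fp);
    return value;
}

int main(void)
{
    /* Constructed paths: the first cannot be opened, the second can. */
    int bad = write_bounds("/nonexistent-dir-constructed/bounds", 3);
    int good = write_bounds("/tmp/bounds-example-constructed", 3);
    printf("bad=%d good=%d readback=%d\n", bad, good,
           read_bounds("/tmp/bounds-example-constructed"));
    return (bad == -1 && good == 0) ? 0 : 1;
}
```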