Vanilla List Mailing List Archive

Bug in xsg as of 2.9pl3, fixed, here's the patch




The problem is a misallocation of memory:


The problem is that it would allocate a buffer of length l, and then sprintf a string of length l+8 or so into it.

This would hose xsg when it tried to record.

Please include this patch into the Vanilla source code for
xsg:


diff -rc Vanilla-2.9pl3.old/xsg/main.c Vanilla-2.9pl3/xsg/main.c
*** Vanilla-2.9pl3.old/xsg/main.c       Fri Jan 29 17:30:17 1999
--- Vanilla-2.9pl3/xsg/main.c   Wed Aug  4 23:57:36 1999
***************
*** 567,573 ****
     if((s=getdefault("recordfile"))){
        int l = strlen(s);
        if(s[l-1] == '/'){
!        t = (char *)malloc(l+1);
         sprintf(t, "%srf-%d.xsg", s, getpid());
         return t;
        }
--- 567,573 ----
     if((s=getdefault("recordfile"))){
        int l = strlen(s);
        if(s[l-1] == '/'){
!        t = (char *)malloc(l+20);
         sprintf(t, "%srf-%d.xsg", s, getpid());
         return t;
        }
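
Review bot: The 20 in the new line `t = (char *)malloc(l+20);` is an unexplained constant, and the `sprintf` on the next line is still unbounded. The size only fits because "rf-", ".xsg", the terminating NUL and a 32-bit int pid total at most 19 bytes, so any later change to the format string can reintroduce the overflow. Suggest computing the size into a variable, checking `t` for NULL before use, and writing with `snprintf(t, size, ...)` so the write is bounded by the allocation. Separately, the context line `if(s[l-1] == '/')` reads `s[-1]` when `recordfile` is an empty string; an `l > 0 &&` guard would cover that.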