[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
lynx-dev bug report
|
From: |
Perry Wagle |
|
Subject: |
lynx-dev bug report |
|
Date: |
Thu, 22 Jul 1999 17:03:03 -0700 (PDT) |
In the lynx source that comes with redhat 5.2 and 6.0, in the file
lynx2-8-1/src/chrtrans/makeuctb.c, line 654 is:
id_append[i+1] = '\0';
in the context:
if (this_isDefaultMap == 1) {
*id_append = '\0';
} else {
for (i = 0, p = this_MIMEcharset;
*p && (i < UC_MAXLEN_ID_APPEND-1);
p++, i++) {
id_append[i+1] = isalnum(*p) ? *p : '_';
}
}
id_append[i+1] = '\0';
fprintf(stderr, " (%s).\n", id_append);
which means that if this_isDefaultMap == 1, then "i" is not initialized. In
my case, "i == 256", way beyond the bounds of the array.
The new stackguard compiler permutes memory enough to cause this to cause
printf to segfault while dynamically loading during first invocation.
I patched this by moving the errant assignment up into the else clause of the
if:
-------------------------------------------------------------------------------
*** src/chrtrans/makeuctb.c~ Sat Sep 26 20:28:34 1998
--- src/chrtrans/makeuctb.c Thu Jul 22 17:05:40 1999
***************
*** 651,656 ****
id_append[i+1] = isalnum(*p) ? *p : '_';
}
}
- id_append[i+1] = '\0';
fprintf(stderr, " (%s).\n", id_append);
--- 651,656 ----
id_append[i+1] = isalnum(*p) ? *p : '_';
}
+ id_append[i+1] = '\0';
}
fprintf(stderr, " (%s).\n", id_append);
-------------------------------------------------------------------------------
-- Perry Wagle (address@hidden)
- lynx-dev bug report,
Perry Wagle <=
- Re: lynx-dev bug report, T.E.Dickey, 1999/07/22
- Re: lynx-dev bug report, Perry Wagle, 1999/07/22
- Re: lynx-dev bug report, T.E.Dickey, 1999/07/22
- Re: lynx-dev bug report, Frederic L. W. Meunier, 1999/07/23
- Re: lynx-dev bug report, T.E.Dickey, 1999/07/23
- Re: lynx-dev bug report, Frederic L. W. Meunier, 1999/07/23
- Re: lynx-dev bug report, Frederic L. W. Meunier, 1999/07/23