patch for less v97: unset variable in exec_mca() can lead to core dump
Paul Eggert
eggert at sm.unisys.com
Tue Sep 27 02:27:42 AEST 1988
In less version 97, a local variable 'n' in exec_mca() is not initialized.
If n's initial garbage is a small negative number, 'less' can dump core because
it allocates a buffer that is too small, and then overruns the buffer.
Here's a fix to line 309 of command.c.
*** less97/command.c Mon Sep 26 09:03:50 1988
--- patched/command.c Mon Sep 26 08:48:26 1988
***************
*** 307,311 ****
* need to allocate for the expanded shell cmd.
*/
! for (fr = cmdbuf; *fr != '\0'; fr++)
if (*fr == '%')
n += strlen(current_file);
--- 307,311 ----
* need to allocate for the expanded shell cmd.
*/
! for (fr = cmdbuf, n = 0; *fr != '\0'; fr++)
if (*fr == '%')
n += strlen(current_file);
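Review bot: the `n = 0` reset on the changed `for` line sits in the loop initializer beside `fr = cmdbuf`, where it is easy to miss on a later read or to lose if the loop is restructured. A separate `n = 0;` statement just before the loop, or an initializer at the declaration of `n`, would make the starting value explicit. Separately, the visible lines add only `strlen(current_file)` for each `%` found in `cmdbuf`. The allocation itself is outside this hunk, so it is worth confirming that the size passed to it also covers the rest of `cmdbuf` and the terminating NUL, since the comment says `n` is what sizes the expanded shell command.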