[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Man-db-devel] mandb: double free or corruption
|
From: |
Peter Schiffer |
|
Subject: |
[Man-db-devel] mandb: double free or corruption |
|
Date: |
Mon, 03 Oct 2011 13:46:51 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
Hello,
I am sending quick-fix patch solving double free or corruption crash in
man-db.
This man page caused problem:
ult_src: File /usr/share/man/man8/dpm-srmv1.8.gz in mantree /usr/share/man
ult_softlink: (/usr/lib64/dpm-mysql/dpm-srmv1.8.gz)
"srmv1 - start the SRM v1 server"
record = 'srmv1 - start the SRM v1 server'
trace->names[0] = '/usr/share/man/man8/dpm-srmv1.8.gz'
trace->names[1] = '/usr/lib64/dpm-mysql/dpm-srmv1.8.gz'
mandb: warning: /usr/lib64/dpm-mysql/dpm-srmv1.8.gz: ignoring bogus filename
When function filename_info is called from src/descriptions_store.c:95
with '/usr/lib64/dpm-mysql/dpm-srmv1.8.gz' as first param, it exits on
src/filenames.c:140 because of bogus filename (info->sec is '-mysql'
instead of 8), returns null and doesn't set trace_info.name.
After that, trying to free trace_info.name in
src/descriptions_store.c:119 is causing crash.
Patch is only hotfix, feel free to modify it or solve this issue anyway
you wish.
peter
man-db-2.6.0.2-double-free.patch
Description: Text document
- [Man-db-devel] mandb: double free or corruption,
Peter Schiffer <=