Re: unitialized buffer used in error situation
From: Derek Robert Price
Subject: Re: unitialized buffer used in error situation
Date: Fri, 26 Sep 2003 18:35:22 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Mark D. Baushke wrote:
|Todd C. Miller <Todd.Miller@courtesan.com> writes:
|
|>One of the OpenBSD developers (David Krause) recently ran into a
|>cvs crash caused by the use of an uninitialized buffer. I examined
|>the traceback and found the source of the crash. The simple fix
|>follows.
|
|
|Patch applied to both the stable and development branches.
Mark, I think we're better off than before after this patch, but if you
look where make_file_label is called in src/diff.c and the result then
passed to diff, it looks like the label can shift to the wrong file when
the first call to make_file_label returns a NULL:
    call_diff_setup (args);
    if (label1)
        call_diff_arg (label1);
    if (label2)
        call_diff_arg (label2);
    call_diff_arg ("--");
    call_diff_arg (file1);
    call_diff_arg (file2);
    free (args);
If label1 is NULL, then diff interprets the first label argument, in
this case label2, as being attached to file1.
I'm not sure what could cause the call to CVS_STAT to fail and then the
label not to be set, but I think the correct fix here is either to make
the failed stat a fatal error or to create a label with just PATH or the
like. Todd, do you know what was causing the CVS_STAT command to fail
on your reporter's system?
Derek
--
*8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
--
It is as useless to argue with those who have renounced the use and
authority of reason as to administer medication to the dead.
- Thomas Jefferson
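The label shift described in the message above, as an added example that is not part of the original post and is not CVS code. The label strings, file names and the helpers `build_args`, `label_seen_by_diff` and `label_or_path` are hypothetical; `label_seen_by_diff` is a simplified model of diff applying the Nth `-L` option to the Nth file.

```c
#include <stdio.h>
#include <string.h>

/* Append labels the way the quoted snippet does: only when non-NULL. */
static int build_args(const char **argv, const char *label1, const char *label2)
{
    int n = 0;
    if (label1) argv[n++] = label1;
    if (label2) argv[n++] = label2;
    argv[n++] = "--";
    argv[n++] = "file1";   /* constructed file names */
    argv[n++] = "file2";
    return n;
}

/* Model of diff's pairing: the Nth -L option before "--" labels the Nth
   file. Returns the label diff would use for file `which` (0 or 1). */
static const char *label_seen_by_diff(const char *label1, const char *label2,
                                      int which)
{
    const char *argv[5];
    int argc = build_args(argv, label1, label2), seen = 0;
    for (int i = 0; i < argc && strcmp(argv[i], "--") != 0; i++)
        if (strncmp(argv[i], "-L", 2) == 0 && seen++ == which)
            return argv[i];
    return NULL;  /* no label in that slot: diff uses its default header */
}

/* One fix proposed in the message: when no label could be built, use a
   label made from the path alone so the first slot is always filled. */
static const char *label_or_path(const char *label, const char *path_label)
{
    return label ? label : path_label;
}

int main(void)
{
    const char *l2 = "-Lnew/foo.c (constructed)";
    /* label1 is NULL: label2 slides into the first slot. */
    printf("unpatched, file1 <- %s\n", label_seen_by_diff(NULL, l2, 0));
    /* With the path-only fallback each label stays with its own file. */
    const char *l1 = label_or_path(NULL, "-Lold/foo.c (constructed)");
    printf("fallback,  file1 <- %s\n", label_seen_by_diff(l1, l2, 0));
    printf("fallback,  file2 <- %s\n", label_seen_by_diff(l1, l2, 1));
    return 0;
}
```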