[BusyBox 0004694]: hexdump segfault/NULL pointer dereference
bugs at busybox.net
Fri Aug 22 04:20:14 UTC 2008
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=4694
======================================================================
Reported By: cristic
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 4694
Category: Other
Reproducibility: always
Severity: crash
Priority: normal
Status: assigned
======================================================================
Date Submitted: 08-21-2008 21:20 PDT
Last Modified: 08-21-2008 21:20 PDT
======================================================================
Summary: hexdump segfault/NULL pointer dereference
Description:
hexdump -e ""
segfaults on my machine due to NULL pointer dereference.
    56:  dumper_t *dumper = alloc_dumper();
    ...
    86:  if (ch == 'e') {
    87:      bb_dump_add(dumper, optarg);
    ...
    116: return bb_dump_dump(dumper, argv);
The problem is as follows: hexdump.c:56 allocates a new dumper, and
later hexdump.c:86 sets dumper->fshead to point to {nextfs = 0x0,
nextfu = 0x0, bcnt = 0}. Then bb_dump_dump() is called, which in
turn calls rewrite(dumper, tfs) with tfs=dumper->fshead:
    301: for (fu = fs->nextfu;; fu = fu->nextfu) {
    302:     if (!fu->nextfu && fs->bcnt < dumper->blocksize
              && !(fu->flags & F_SETREP) && fu->bcnt
             ) {
On dump.c:301, fu is set to fs->nextfu, which is NULL. Then on line
302, fu is dereferenced, causing a NULL pointer dereference.
Is line 301 supposed to be "for (fu = fs->nextfu; fu; fu = fu->nextfu)"?
Thanks,
Cristian
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
08-21-08 21:20 cristic New Issue
08-21-08 21:20 cristic Status new => assigned
08-21-08 21:20 cristic Assigned To => BusyBox
======================================================================
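An added example, not BusyBox code and not part of the report: a simplified model of the traversal quoted from dump.c:301-302, written with the loop guard the reporter asks about, so that an empty unit list (the `-e ""` case) is skipped instead of dereferenced. The struct layouts, the `reps` field, the `F_SETREP` value, the function name `adjust_last_unit` and the adjustment inside the `if` are assumptions made for illustration.

```c
#include <stddef.h>

#define F_SETREP 0x01   /* constructed value; the report only names the flag */

/* Simplified stand-ins for the structures named in the report. */
typedef struct FU {
    struct FU *nextfu;  /* next format unit, NULL at the end of the list */
    int flags;
    int bcnt;           /* bytes consumed by one pass of this unit */
    int reps;           /* assumed field: repetition count */
} FU;

typedef struct FS {
    struct FS *nextfs;
    FU *nextfu;         /* NULL when the format string produced no units */
    int bcnt;
} FS;

/*
 * Guarded form of the loop at dump.c:301. The loop condition tests fu
 * before the body touches it, so fs->nextfu == NULL means zero iterations.
 * Returns the number of units visited, or -1 if fs itself is NULL.
 */
int adjust_last_unit(FS *fs, int blocksize)
{
    int visited = 0;
    FU *fu;

    if (fs == NULL)
        return -1;

    for (fu = fs->nextfu; fu != NULL; fu = fu->nextfu) {
        visited++;
        if (!fu->nextfu && fs->bcnt < blocksize
         && !(fu->flags & F_SETREP) && fu->bcnt
        ) {
            /* assumed body: repeat the last unit to fill out the block */
            fu->reps += (blocksize - fs->bcnt) / fu->bcnt;
        }
    }
    return visited;
}
```
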