less: segmentation fault and fix
Tito
farmatito at tiscali.it
Sun Sep 18 17:01:43 UTC 2005
Hi,
I've a segfault in less that is reproducible:
./less .config
hit a number 1-9 11 times and then hit enter
:77777777777Segmentation fault
This doesn't happen if fewer digits are entered the first time.
A simple fix is to change line 772 in static void number_process(int first_digit) from:
    num = atoi(num_input);
to
    errno = 0; /* strtol sets errno only on failure, so clear it first */
    num = strtol(num_input, &endptr, 10);
    if (errno != 0 || *endptr != '\0' || endptr == num_input || num < 1 || num > MAXLINES) {
        buffer_print();
        return;
    }
BTW: in the same function we have a potential buffer overflow at line 763:
    /* Receive input until a letter is given */
    while( (num_input[i] = tless_getch()) && isdigit(num_input[i])) {
As num_input is char num_input[80], it would be better to check for its boundaries:
    /* Receive input until a letter is given (max 79 digits) */
    while( i < 80 && (num_input[i] = tless_getch()) && isdigit(num_input[i])) {
        printf("%c", num_input[i]);
        i++;
    }
The attached patch fixes these two problems for me, please take a look at it.
This applies on top of the previous less_fix_pipe.patch.
There are also some minor cleanups.
Ciao,
Tito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: less_segfault_fix.patch
Type: text/x-diff
Size: 1493 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20050918/363de00c/attachment.bin
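
The two checks proposed in this post, combined in a stand-alone C program (an added example, not code from the post or from BusyBox): digit input is bounded so the terminator always fits in the 80-byte buffer, and the number is validated with strtol instead of atoi. The names read_digits and parse_line_number, the MAXLINES value and the sample inputs are assumptions made for the example; keystrokes come from a string rather than tless_getch().

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAXLINES 10000  /* assumed value; less.c has its own MAXLINES */
#define NUM_BUF  80     /* same size as num_input in the post */

/* Copy the leading digits of keys (a constructed stand-in for the
 * tless_getch() keystrokes) into buf. Stops at size - 1 so the
 * terminator always fits. Returns the number of digits stored. */
static size_t read_digits(const char *keys, char *buf, size_t size)
{
    size_t i = 0;

    while (i < size - 1 && isdigit((unsigned char)keys[i])) {
        buf[i] = keys[i];
        i++;
    }
    buf[i] = '\0';
    return i;
}

/* Return the line number in s, or -1 unless it is a clean 1..MAXLINES. */
static long parse_line_number(const char *s)
{
    char *endptr;
    long num;

    errno = 0;  /* strtol sets errno only on failure, so clear it first */
    num = strtol(s, &endptr, 10);
    if (errno != 0 || endptr == s || *endptr != '\0' || num < 1 || num > MAXLINES)
        return -1;
    return num;
}

int main(void)
{
    /* Constructed inputs; the second is the 11-digit case from the report. */
    const char *cases[] = { "42", "77777777777", "0", "12q" };
    char buf[NUM_BUF];

    for (size_t c = 0; c < sizeof cases / sizeof cases[0]; c++) {
        read_digits(cases[c], buf, sizeof buf);
        printf("%-12s -> %ld\n", cases[c], parse_line_number(buf));
    }
    return 0;
}
```

The 11-digit input is rejected whether long is 32 bits (strtol reports ERANGE) or 64 bits (the value exceeds MAXLINES), which is the case atoi cannot report.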