Package: ircii
Version: 20210314+really20190117-1
Severity: normal
Tags: patch
X-Debbugs-Cc: parod...@gmail.com

Dear Maintainer,

The command /help ircii (and also /help irc) immediately segfaults. From what I
can tell, if the topic is the name of a folder and /help does not find a file
with the same name as its parent folder, it tries to find the gzipped version.

The SIGSEGV comes from a call to vsnprintf (from malloc_snprintf), that has a
format string which needs 3 values, but it only gets 2. The attached patch
should fix that.

-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ircii depends on:
ii  libc6      2.31-13
ii  libcrypt1  1:4.4.18-4
ii  libssl1.1  1.1.1k-1+deb11u1
ii  libtinfo6  6.2+20201114-2

ircii recommends no packages.

ircii suggests no packages.

-- no debconf information
--- a/source/help.c     2019-01-18 11:29:41.000000000 +0100
+++ b/source/help.c     2021-09-17 16:24:47.748766099 +0200
@@ -311,7 +311,7 @@
 #ifdef ZCAT
                if (my_strcmp(name + (my_strlen(name) - my_strlen(ZSUFFIX)), 
ZSUFFIX))
                {
-                       malloc_snprintf(&filename, "%s/%s%s", path, ZSUFFIX);
+                       malloc_snprintf(&filename, "%s/%s%s", path, name, 
ZSUFFIX);
                        if (stat(CP(filename), &sb) == -1)
                        {
                                new_free(&filename);
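
Review bot: The suffix test kept as context at the top of this hunk, name + (my_strlen(name) - my_strlen(ZSUFFIX)), points before the start of name whenever name is shorter than ZSUFFIX, and the change leaves that unguarded; a length comparison ahead of the my_strcmp call would close it. The added name argument does bring the call in line with the three %s conversions in "%s/%s%s". If the declaration of malloc_snprintf does not already carry a printf format attribute, adding one would let the compiler reject this kind of argument-count mismatch at build time.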

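The report traces the crash to a vsnprintf-based helper given fewer arguments than its format string has conversions. As an added example (not part of the original report and not ircII's code), the sketch below shows a helper of the same shape declared with the GCC/Clang printf format attribute, so that -Wformat flags a missing argument at compile time. The names demo_malloc_snprintf and demo_help_path and the sample path are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a malloc_snprintf-style helper (not ircII's code).
 * The attribute marks argument 2 as a printf format and argument 3 as the
 * first variadic value, so the compiler checks every call site. */
#if defined(__GNUC__)
# define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
# define PRINTF_LIKE(f, a)
#endif

int demo_malloc_snprintf(char **out, const char *fmt, ...) PRINTF_LIKE(2, 3);

int demo_malloc_snprintf(char **out, const char *fmt, ...)
{
    va_list ap, ap2;
    int len;

    *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);                       /* the list is consumed twice */
    len = vsnprintf(NULL, 0, fmt, ap);      /* first pass: measure only */
    va_end(ap);
    if (len >= 0 && (*out = malloc((size_t)len + 1)) != NULL)
        vsnprintf(*out, (size_t)len + 1, fmt, ap2);  /* second pass: write */
    va_end(ap2);
    return *out ? len : -1;
}

/* Builds "<path>/<name><suffix>", the shape of the patched call. */
char *demo_help_path(const char *path, const char *name, const char *suffix)
{
    char *filename;
    /* Omitting `name` here, as the unpatched call did, leaves the third %s
     * without an argument; with the attribute, -Wformat reports it. */
    if (demo_malloc_snprintf(&filename, "%s/%s%s", path, name, suffix) < 0)
        return NULL;
    return filename;
}

int main(void)
{
    /* Constructed sample values, not paths taken from the package. */
    char *f = demo_help_path("/constructed/help", "ircii", ".gz");
    if (f) { puts(f); free(f); }
    return 0;
}
```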