Package: ircii Version: 20210314+really20190117-1 Severity: normal Tags: patch X-Debbugs-Cc: parod...@gmail.com
Dear Maintainer, The command /help ircii (and also /help irc) immediately segfaults. For what I can tell, if the topic is the name of a folder and /help does not find a file with the same name as it's parent folder, it tries to find the gzipped version. The SIGSEGV comes from a call to vsnprintf (from malloc_snprintf), that has a format string which needs 3 values, but it only gets 2. The attached patch should fix that. -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-8-amd64 (SMP w/12 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ircii depends on: ii libc6 2.31-13 ii libcrypt1 1:4.4.18-4 ii libssl1.1 1.1.1k-1+deb11u1 ii libtinfo6 6.2+20201114-2 ircii recommends no packages. ircii suggests no packages. -- no debconf information
--- a/source/help.c 2019-01-18 11:29:41.000000000 +0100 +++ b/source/help.c 2021-09-17 16:24:47.748766099 +0200 @@ -311,7 +311,7 @@ #ifdef ZCAT if (my_strcmp(name + (my_strlen(name) - my_strlen(ZSUFFIX)), ZSUFFIX)) { - malloc_snprintf(&filename, "%s/%s%s", path, ZSUFFIX); + malloc_snprintf(&filename, "%s/%s%s", path, name, ZSUFFIX); if (stat(CP(filename), &sb) == -1) { new_free(&filename);