This does not fix all "leaks" that may be detected. In particular
during program initialization copies of a few strings and such are made
and those copies may persist. However, those are benign as the program
does not continuously leak memory. Furthermore, fixing all of them would
be substantial

The environment variable LESSBINFMT is not properly validated. If it is
set to "*", less will perform an out of boundary access.
This happens because strchr can be called with '\0' as second argument.
Such a call won't return NULL but the address of the '\0' in the string.
Therefore, the checkfmt
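
The strchr behaviour described above, shown as an added example (not code from less or from the original message). The attribute set "dksu", the "*<attr>" prefix shape and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical set of attribute characters allowed after '*' (assumed). */
static const char ATTR_CHARS[] = "dksu";

/* Naive membership test. strchr() treats the terminating '\0' as part of
 * the string, so c == '\0' gives a non-NULL result and is accepted. */
int is_attr_naive(char c)
{
    return strchr(ATTR_CHARS, c) != NULL;
}

/* Hardened test: reject the terminator before asking strchr(). */
int is_attr_safe(char c)
{
    return c != '\0' && strchr(ATTR_CHARS, c) != NULL;
}

/* Return the offset of the text after an optional "*<attr>" prefix,
 * or -1 if the prefix is malformed. Only s[0] and s[1] are read here,
 * and s[1] is read only when s[0] is '*', so the read stays in bounds. */
long skip_prefix(const char *s, int (*is_attr)(char))
{
    if (s[0] != '*')
        return 0;               /* no prefix present */
    if (!is_attr(s[1]))
        return -1;              /* '*' followed by an invalid character */
    return 2;                   /* caller continues parsing at s + 2 */
}

int main(void)
{
    const char *fmt = "*";      /* constructed input: the value from the report */
    long naive = skip_prefix(fmt, is_attr_naive);
    long safe = skip_prefix(fmt, is_attr_safe);

    /* With the naive test the returned offset lies beyond the terminator,
     * so any later read at fmt + offset is outside the string. */
    printf("strlen=%zu naive offset=%ld safe offset=%ld\n",
           strlen(fmt), naive, safe);
    return 0;
}
```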

sort segfaults when using the -m flag and no files.
It should default to stdin instead.
Easily reproducible with a simple:
sort -m
Index: sort.c
===
RCS file: /cvs/src/usr.bin/sort/sort.c,v
retrieving revision 1.86
diff -u -r1.86 sor

The repllen variable is not used anywhere.
Index: strnsubst.c
===
RCS file: /cvs/src/usr.bin/xargs/strnsubst.c,v
retrieving revision 1.5
diff -u -r1.5 strnsubst.c
--- strnsubst.c 27 Oct 2009 23:59:50 - 1.5
+++ strnsubst.c 3 J