I see the following error with valgrind when doing "!cd /tmp" in ftp.

==11101== Invalid write of size 4
==11101==    at 0x80549E5: makeargv (main.c:506)
==11101==    by 0x80550EB: main (main.c:413)
==11101==  Address 0x42251f0 is 0 bytes after a block of size 8 alloc'd
==11101==    at 0x402603E: malloc (vg_replace_malloc.c:207)
==11101==    by 0x80547D9: makeargv (main.c:495)
==11101==    by 0x80550EB: main (main.c:413)
==11101== Warning: silly arg (0) to malloc()

Code in main.c is:

   494          /* allocate memory for $count-sized array of chars */
!!495          rargv = (char **) malloc( count * strlen(line));
   496          if (rargv == NULL)
   497                  fatal("Out of memory");
   498
   499          INTOFF;
   500          argbuf = obstack_alloc(&mainobstack, strlen(line) + 1);
   501          INTON;
   502          argp = rargv;
   503          stringbase = line;      /* scan from first of buffer */
   504          argbase = argbuf;       /* store from first of buffer */
   505          slrflag = 0;
!!506          while ((*argp++ = slurpstring())!=NULL)
   507                  rargc++;

This code is quite a mess. The way rargv is allocated is completely
wrong for several reasons. It should:

- allocate count pointers (so multiply count by sizeof(char *) when
  doing malloc(...), and not multiply count by the nonsensical
  strlen(line)!?)
- also increase count by 2 when the command contains an exclamation mark
- add 1 to count for the final NULL pointer in argp
- add an extra 1 to count, since some commands such as "ls" or "put"
  may append an extra argument to argp!

Attached patch fixes it.

Attached patch also fixes some memory leaks which you can reproduce by
typing illegal or ambiguous commands. This for example was leaking:

ftp> a
?Ambiguous command

Every ambiguous command (among other things) was leaking memory.

-- Dominique

** Attachment added: "patch to fix crash + memory leaks"
   http://launchpadlibrarian.net/24205202/fix-uninitialized-return-value-eval.c.patch

--
ftp command crashes when typing: !cd /tmp
https://bugs.launchpad.net/bugs/339569
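
The sizing rules listed in the report, as an added C example (not the attached patch and not code from the ftp source): the argument vector is sized in pointers rather than in bytes of the line, and the fill loop is bounded by the allocation. count_words(), argv_slots(), split_line() and the WS separator set are hypothetical, and strtok() stands in for ftp's slurpstring().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define WS " \t\r\n\v\f"   /* assumed word separators */

/* Hypothetical helper: number of whitespace-separated words in s. */
static size_t count_words(const char *s)
{
    size_t n = 0;
    for (s += strspn(s, WS); *s; s += strspn(s, WS)) {
        s += strcspn(s, WS);   /* skip over one word */
        n++;
    }
    return n;
}

/* Pointer slots needed, following the rules listed in the report. */
static size_t argv_slots(const char *line)
{
    /* words + final NULL + one argument "ls" or "put" may append */
    size_t slots = count_words(line) + 2;
    if (strchr(line, '!') != NULL)
        slots += 2;            /* extra entries for a '!' command */
    return slots;
}

/* Split buf in place. calloc sizes by element, checks the multiplication
 * for overflow and zero-fills, so argv[argc] is already NULL. */
static char **split_line(char *buf, size_t *argc_out)
{
    size_t slots = argv_slots(buf), argc = 0;
    char **argv = calloc(slots, sizeof(char *));
    if (argv == NULL)
        return NULL;
    /* stop two short of the end: NULL terminator plus the spare slot */
    for (char *tok = strtok(buf, WS); tok != NULL && argc + 2 < slots;
         tok = strtok(NULL, WS))
        argv[argc++] = tok;
    *argc_out = argc;
    return argv;
}

int main(void)
{
    char line[] = "!cd /tmp";  /* constructed input, taken from the report */
    size_t argc = 0;
    char **argv = split_line(line, &argc);
    if (argv == NULL)
        return 1;
    printf("%zu args in %zu slots\n", argc, argv_slots("!cd /tmp"));
    free(argv);
    return 0;
}
```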