I see the following error with valgrind when doing "!cd /tmp" in ftp.

==11101== Invalid write of size 4
==11101==    at 0x80549E5: makeargv (main.c:506)
==11101==    by 0x80550EB: main (main.c:413)
==11101==  Address 0x42251f0 is 0 bytes after a block of size 8 alloc'd
==11101==    at 0x402603E: malloc (vg_replace_malloc.c:207)
==11101==    by 0x80547D9: makeargv (main.c:495)
==11101==    by 0x80550EB: main (main.c:413)
==11101== Warning: silly arg (0) to malloc()

Code in main.c is:

  494  /* allocate memory for $count-sized array of chars */
!!495  rargv = (char **) malloc( count * strlen(line));
  496  if (rargv == NULL)
  497              fatal("Out of memory");
  498
  499  INTOFF;
  500  argbuf = obstack_alloc(&mainobstack, strlen(line) + 1);
  501  INTON;
  502  argp = rargv;
  503  stringbase = line;              /* scan from first of buffer */
  504  argbase = argbuf;               /* store from first of buffer */
  505  slrflag = 0;
!!506  while ((*argp++ = slurpstring())!=NULL)
  507          rargc++;

This code is quite a mess. The way rargv is allocated is completely wrong
for several reasons.   It should:

- allocate count pointers (so multiply count by sizeof(char *) when doing
  malloc(...), and not by the nonsensical strlen(line)!?)
- Also it should increase count by 2 when the command contains an
  exclamation mark
- it should add 1 to count for the final NULL pointer in argp
- it should add an extra 1 to count since some commands such as
  "ls" or "put" may append an extra argument to argp!

The attached patch fixes it.  The attached patch also fixes a memory leak
which you can reproduce by typing illegal or ambiguous commands.
This for example was leaking:

ftp> a
?Ambiguous command

Every ambiguous command (among other things) was leaking memory.

-- Dominique


** Attachment added: "patch to fix crash + memory leaks"
   http://launchpadlibrarian.net/24205202/fix-uninitialized-return-value-eval.c.patch

-- 
ftp command crashes when typing: !cd /tmp
https://bugs.launchpad.net/bugs/339569
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
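Worked example, added by the editor and not code from ftp's main.c or from Dominique's patch, of sizing the argument array the way the list above describes: count the tokens, add one slot for the terminating NULL and one slot of slack, and multiply by sizeof(char *) rather than by the length of the line. The tokenizer is a simplification assumed for this example (whitespace-separated words, with a leading '!' split off as its own token, as "!cd /tmp" becomes "!", "cd", "/tmp"); ftp's real slurpstring() has more rules. buggy_bytes() reproduces the original line 495 arithmetic; the value count = 1 used in the check is an assumption inferred from valgrind's "block of size 8", which equals strlen("!cd /tmp"):

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Slack pointers beyond the tokens and the NULL, for commands that append an
 * argument later (the report's "ls"/"put" case). */
#define ARGV_SLACK 1

/* Tokens a line splits into: whitespace-separated words, with a leading '!'
 * split off as its own token, so "!cd /tmp" -> "!", "cd", "/tmp".
 * Simplified assumption for this example; ftp's slurpstring() has more rules. */
size_t count_tokens(const char *line)
{
    size_t n = 0;
    const char *p = line;

    if (*p == '!') { n++; p++; }
    for (;;) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (*p == '\0') break;
        n++;
        while (*p && !isspace((unsigned char)*p)) p++;
    }
    return n;
}

/* Number of char * slots to allocate: every token, the terminating NULL,
 * and the slack. */
size_t argv_capacity(const char *line)
{
    return count_tokens(line) + 1 + ARGV_SLACK;
}

/* What the original line 495 allocates: count * strlen(line) bytes. The size
 * follows the text length, not the number of pointers that will be stored. */
size_t buggy_bytes(size_t count, const char *line)
{
    return count * strlen(line);
}

static char *dup_range(const char *start, size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memcpy(s, start, len);
    s[len] = '\0';
    return s;
}

void free_argv(char **argv)
{
    if (argv == NULL) return;
    for (char **p = argv; *p != NULL; p++) free(*p);
    free(argv);
}

/* Build a NULL-terminated argv from line. Returns NULL on allocation failure;
 * *argc_out receives the token count. Free the result with free_argv(). */
char **make_argv(const char *line, int *argc_out)
{
    size_t cap = argv_capacity(line);
    /* calloc: sized in pointers, not in bytes of text, and every slot starts
     * NULL so free_argv() is safe on a partially filled array. */
    char **argv = calloc(cap, sizeof *argv);
    int argc = 0;
    const char *p = line;

    if (argv == NULL) return NULL;
    if (*p == '!') {
        if ((argv[argc] = dup_range("!", 1)) == NULL) goto fail;
        argc++;
        p++;
    }
    for (;;) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (*p == '\0') break;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;
        if ((argv[argc] = dup_range(start, (size_t)(p - start))) == NULL) goto fail;
        argc++;
    }
    argv[argc] = NULL;              /* always fits: cap >= argc + 1 */
    if (argc_out != NULL) *argc_out = argc;
    return argv;

fail:
    free_argv(argv);
    return NULL;
}
```

For "!cd /tmp" this allocates 5 pointer slots, while buggy_bytes(1, "!cd /tmp") is 8 bytes: on the 32-bit build in the valgrind trace that is exactly two pointers, so the third store ("/tmp") lands 0 bytes past the end of the block, which is what the "Invalid write of size 4" reports.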