Re: VFS crash fixed

From: "Andrew V. Samoilov" <sav bcs zp ua>
To: Pavel Roskin <proski gnu org>
Cc: mc-devel gnome org
Subject: Re: VFS crash fixed
Date: Wed, 23 May 2001 02:51:42 +0300

Pavel Roskin wrote:
: Hello!
: 
: This is perhaps one of the most serious bugs in MC I have ever fixed. The
: `columns' array wasn't cleaned up in vfs_split_text(). If the new string
: had less fields (i.e. spaces) than the old one, the some of the values in
: `columns' would point to the old string. Occasionally MC would try to
: access the "old" memory. This can cause it to crash, since the filesystems
: are freed after a timeout.
. . . 
: I remember rare crashes in MC after intensive use of different types of
: VFS. This must be the fix for that problem.

It seems now mc will crash after derefencing of NULL(s). 
The real problem is a buffer overflow. There are a lot of places where 
index is incremented without checking of real number of members in columns.
May be it is more right to write a columns () function to return nth element
of that array. 
And now it is more right fill `columns' with pointers to empty string ("").

Regards,
Andrew.

Follow-Ups:
- Re: VFS crash fixed
  - From: Pavel Roskin

References:
- VFS crash fixed
  - From: Pavel Roskin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]