Re: VFS crash fixed
- From: Pavel Roskin <proski gnu org>
- To: "Andrew V. Samoilov" <sav bcs zp ua>
- Cc: <mc-devel gnome org>
- Subject: Re: VFS crash fixed
- Date: Tue, 22 May 2001 20:13:42 -0400 (EDT)
Hi, Andrew!
> : I remember rare crashes in MC after intensive use of different types of
> : VFS. This must be the fix for that problem.
>
> It seems now mc will crash after dereferencing of NULL(s).
It doesn't crash for me. I tested it very carefully.
The crash always happened in is_num(), and this function checks columns[idx]
before dereferencing it.
From what I see, the code is careful to call is_num() before calling
atol(), but some other libc functions may be indeed called with NULL, for
example, is_dos_date() may pass NULL to strlen().
Maybe some wrong input could crash MC. Connecting to a compromised ssh
server with fish may be a security risk.
> The real problem is a buffer overflow. There are a lot of places where
> index is incremented without checking of real number of members in columns.
> Maybe it is more right to write a columns () function to return nth element
> of that array.
What I really really want to do is to replace all that code with a yacc
program some day. The real problem is not having it.
> And now it is more right fill `columns' with pointers to empty string ("").
Let me think about it. I'll do it tomorrow unless I find something better.
--
Regards,
Pavel Roskin
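
The two ideas raised in this thread (an accessor that returns the nth column, and unused slots pointing at "" rather than NULL) can be combined as in the following added example. It is not MC's code: `struct columns`, `split_columns`, `column_at`, `column_is_num` and `MAX_COLUMNS` are hypothetical names, and the sample line is constructed.

```c
#include <ctype.h>
#include <string.h>

#define MAX_COLUMNS 8            /* assumed capacity, not MC's value */

struct columns {
    const char *col[MAX_COLUMNS];
    size_t count;                /* number of fields actually found */
};

/* Split a listing line in place on whitespace. Unused slots point at ""
 * instead of NULL, so a stray strlen() or atol() sees an empty string. */
static size_t split_columns(char *line, struct columns *c)
{
    c->count = 0;
    for (size_t i = 0; i < MAX_COLUMNS; i++)
        c->col[i] = "";
    while (c->count < MAX_COLUMNS) {
        line += strspn(line, " \t\r\n");      /* skip separators */
        if (*line == '\0')
            break;
        c->col[c->count++] = line;
        line += strcspn(line, " \t\r\n");     /* skip the field itself */
        if (*line != '\0')
            *line++ = '\0';
    }
    return c->count;
}

/* Bounds-checked accessor: any index past the real field count yields "". */
static const char *column_at(const struct columns *c, size_t idx)
{
    return idx < c->count ? c->col[idx] : "";
}

/* Numeric check that is safe for any index: column_at never returns NULL. */
static int column_is_num(const struct columns *c, size_t idx)
{
    const char *s = column_at(c, idx);
    return *s != '\0' && isdigit((unsigned char)*s);
}

int main(void)
{
    char line[] = "-rw-r--r-- 1 root";   /* constructed, truncated listing */
    struct columns c;
    split_columns(line, &c);
    return column_is_num(&c, 4);         /* index 4 is past the 3 real fields */
}
```

With this shape a parser can keep incrementing its index on a short or malformed line, for example one sent by an untrusted server, and every lookup still returns a valid string.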