[email protected] (Karl Berry) writes: > #2 0x000000000040ac84 in text_buffer_vprintf > (buf=buf@entry=0x62f270, format=0x423098 "%s\n", > ap=ap@entry=0x7fffffffe0e8) at info-utils.c: > > $ echo h >/tmp/h > $ info --restore=/tmp/h > also crashes here for me, on x86_64-linux (but not i386-linux). > It is not immediately obvious to me where the problem is :(.
It's the classic bug of using a va_list after being destroyed. Andreas. 2012-07-14 Andreas Schwab <[email protected]> * info/info-utils.c (text_buffer_vprintf): Create a copy of AP in the loop. --- info/info-utils.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/info/info-utils.c b/info/info-utils.c index 39343d9..ade4a14 100644 --- a/info/info-utils.c +++ b/info/info-utils.c @@ -1,7 +1,7 @@ /* info-utils.c -- miscellanous. $Id: info-utils.c,v 1.18 2012/04/12 10:38:28 gray Exp $ - Copyright (C) 1993, 1998, 2003, 2004, 2007, 2008, 2009, 2011 + Copyright (C) 1993, 1998, 2003, 2004, 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify @@ -782,7 +782,8 @@ size_t text_buffer_vprintf (struct text_buffer *buf, const char *format, va_list ap) { ssize_t n; - + va_list ap_copy; + if (!buf->base) { if (buf->size == 0) @@ -793,8 +794,10 @@ text_buffer_vprintf (struct text_buffer *buf, const char *format, va_list ap) for (;;) { + va_copy (ap_copy, ap); n = vsnprintf (buf->base + buf->off, buf->size - buf->off, - format, ap); + format, ap_copy); + va_end (ap_copy); if (n < 0 || buf->off + n >= buf->size || !memchr (buf->base + buf->off, '\0', buf->size - buf->off + 1)) { -- 1.7.11.2 -- Andreas Schwab, [email protected] GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
