http://bugs.busybox.net/view.php?id=4694

hexdump -e ""

segfaults on my machine due to a NULL pointer dereference.

56: dumper_t *dumper = alloc_dumper();

...
86: if (ch == 'e') {
87:     bb_dump_add(dumper, optarg);
...
116: return bb_dump_dump(dumper, argv);

The problem is as follows: hexdump.c:56 allocates a new dumper, and
later hexdump.c:87 sets dumper->fshead to point to {nextfs = 0x0,
nextfu = 0x0, bcnt = 0}. Then bb_dump_dump() is called, which in 
turn calls rewrite(dumper, tfs) with tfs=dumper->fshead:

301: for (fu = fs->nextfu;; fu = fu->nextfu) {
302:     if (!fu->nextfu && fs->bcnt < dumper->blocksize
              && !(fu->flags & F_SETREP) && fu->bcnt
         ) {

On dump.c:301, fu is set to fs->nextfu, which is NULL. Then on line 
302, fu is dereferenced, causing a NULL pointer dereference.

Is line 301 supposed to be "for (fu = fs->nextfu; fu; fu = fu->nextfu)"?

Thanks,
Cristian


_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
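The crash path described in the report and the loop guard it asks about, as an added example that is not part of the original message or of busybox. The struct and field names (FS, FU, nextfu, bcnt, F_SETREP) are taken from the quoted snippet; the toy format parser, the reps field, the loop exit test and the blocksize of 16 are assumptions made for this example.

```c
/* Added example, not busybox code: a toy model of the FS/FU lists that
 * dump.c's rewrite() walks, so the hexdump -e "" crash can be reproduced
 * and the loop guard from the report compared with rejecting the empty
 * format up front. Names follow the quoted snippet; the parser, the reps
 * field and the loop exit are assumptions. */
#include <stdio.h>
#include <stdlib.h>

#define F_SETREP 0x01        /* assumed value; only the name is in the report */

typedef struct FU {          /* one format unit inside a format string */
    struct FU *nextfu;
    int flags;
    int bcnt;                /* bytes this unit consumes per repetition */
    int reps;                /* repetitions; rewrite() grows the last one */
} FU;

typedef struct FS {          /* one format string, i.e. one -e argument */
    struct FS *nextfs;
    FU *nextfu;              /* NULL when the -e string produced no units */
    int bcnt;                /* bytes consumed by the whole string */
} FS;

/* Constructed stand-in for bb_dump_add(): every 'x' becomes a 1-byte unit,
 * so "" yields exactly the {nextfs = 0, nextfu = 0, bcnt = 0} node. */
static FS *add_format(const char *fmt)
{
    FS *fs = calloc(1, sizeof *fs);
    FU **tail = &fs->nextfu;
    for (; *fmt; fmt++) {
        if (*fmt != 'x')
            continue;
        FU *fu = calloc(1, sizeof *fu);
        fu->bcnt = fu->reps = 1;
        fs->bcnt += fu->bcnt;
        *tail = fu;
        tail = &fu->nextfu;
    }
    return fs;
}

static void free_format(FS *fs)
{
    for (FU *fu = fs->nextfu, *next; fu; fu = next) {
        next = fu->nextfu;
        free(fu);
    }
    free(fs);
}

/* Loop shaped like the quoted dump.c:301-302: fu is dereferenced by the
 * first test in the body, before anything has checked it for NULL.
 * Returns the reps of the last unit visited; crashes on an empty FS. */
static int rewrite_unguarded(FS *fs, int blocksize)
{
    int last = 0;
    for (FU *fu = fs->nextfu;; fu = fu->nextfu) {
        if (!fu->nextfu && fs->bcnt < blocksize   /* fu == NULL here for -e "" */
         && !(fu->flags & F_SETREP) && fu->bcnt)
            fu->reps += (blocksize - fs->bcnt) / fu->bcnt;
        last = fu->reps;
        if (!fu->nextfu)     /* assumed exit; the report does not quote it */
            break;
    }
    return last;
}

/* Same loop with the condition the report proposes: an empty unit list
 * never enters the body, so the empty format becomes a no-op returning 0. */
static int rewrite_guarded(FS *fs, int blocksize)
{
    int last = 0;
    for (FU *fu = fs->nextfu; fu; fu = fu->nextfu) {
        if (!fu->nextfu && fs->bcnt < blocksize
         && !(fu->flags & F_SETREP) && fu->bcnt)
            fu->reps += (blocksize - fs->bcnt) / fu->bcnt;
        last = fu->reps;
    }
    return last;
}

/* Guard at the input boundary instead: reject a format string that yielded
 * no units, so every later walk may keep assuming a non-empty list. */
static int format_has_units(const FS *fs)
{
    return fs->nextfu != NULL;
}

int main(int argc, char **argv)
{
    FS *fs = add_format(argc > 1 ? argv[1] : "");   /* default mimics -e "" */
    if (!format_has_units(fs)) {
        fprintf(stderr, "empty format rejected before rewrite()\n");
        free_format(fs);
        return 1;
    }
    printf("last unit reps after rewrite = %d\n", rewrite_guarded(fs, 16));
    free_format(fs);
    return 0;
}
```

Run with no argument to reproduce the empty format: the input-boundary check rejects it before any loop runs, and rewrite_guarded() would return 0 on it anyway. Pass a string such as xx to see the last unit's repetition count grow to fill the 16-byte block. rewrite_unguarded() keeps the original shape of the loop and still dereferences NULL on an empty list, which is why main() never calls it.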
