Package: abook
Version: 0.5.6-3
Severity: normal
Tags: patch
abooks terminates with a segmentation fault when the user enters ctrl-d
at the search prompt. This is because ui_find() assumes ui_readline()
will never return NULL.
I have attached a patch that will avoid the crash. I have also searched
for other "dangerous" uses of ui_readline() but haven't found any.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)
Versions of packages abook depends on:
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii libncursesw5 5.5-5 Shared libraries for terminal hand
ii libreadline5 5.2-2 GNU readline and history libraries
abook recommends no packages.
-- debconf information excluded
diff -urp abook-0.5.6.orig/ui.c abook-0.5.6/ui.c
--- abook-0.5.6.orig/ui.c 2008-01-22 20:19:13.000000000 +0100
+++ abook-0.5.6/ui.c 2008-01-22 20:24:32.000000000 +0100
@@ -569,7 +569,7 @@ ui_find(int next)
} else {
char *s;
s = ui_readline("/", findstr, MAX_FIELD_LEN - 1, 0);
- strncpy(findstr, s, MAX_FIELD_LEN);
+ strncpy(findstr, s ? s : "", MAX_FIELD_LEN);
free(s);
refresh_screen();
}