Package: abook
Version: 0.5.6-3
Severity: normal
Tags: patch

abooks terminates with a segmentation fault when the user enters ctrl-d
at the search prompt. This is because ui_find() assumes ui_readline()
will never return NULL.

I have attached a patch that will avoid the crash. I have also searched
for other "dangerous" uses of ui_readline() but haven't found any.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages abook depends on:
ii  debconf [debconf-2.0]  1.5.11etch1       Debian configuration management sy
ii  libc6                  2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii  libncursesw5           5.5-5             Shared libraries for terminal hand
ii  libreadline5           5.2-2             GNU readline and history libraries

abook recommends no packages.

-- debconf information excluded
diff -urp abook-0.5.6.orig/ui.c abook-0.5.6/ui.c
--- abook-0.5.6.orig/ui.c	2008-01-22 20:19:13.000000000 +0100
+++ abook-0.5.6/ui.c	2008-01-22 20:24:32.000000000 +0100
@@ -569,7 +569,7 @@ ui_find(int next)
 	} else {
 		char *s;
 		s = ui_readline("/", findstr, MAX_FIELD_LEN - 1, 0);
-		strncpy(findstr, s, MAX_FIELD_LEN);
+		strncpy(findstr, s ? s : "", MAX_FIELD_LEN);
 		free(s);
 		refresh_screen();
 	}

Reply via email to