user [email protected]
usertags 519647 target-2.5.5
tags 519647 fixed-upstream
thanks
On Sat, Mar 14, 2009 at 12:11:18AM +0000, Dustin Marquess wrote:
> The 'count' variable in src/man.c:sort_candidates() is used unitialized
> which causes a random amount of memory to be allocated, with the
> possibility of mmap()'ing all available memory (and more).
>
> The follow patch fixes this issue:
>
> --- man-db-2.5.4/src/man.c 2009-02-23 22:18:56.000000000 +0000
> +++ man-db-2.5.4.new/src/man.c 2009-03-13 23:54:18.447351076 +0000
> @@ -2949,11 +2949,11 @@
>
> /* Sort the entire list of candidates. */
> static void sort_candidates (struct candidate **candidates)
> {
> struct candidate *cand, **allcands;
> - size_t count, i;
> + size_t count = 0, i;
>
> for (cand = *candidates; cand; cand = cand->next)
> ++count;
>
> if (count == 0)
Whoops, thanks! I've applied your patch upstream; a Debian package will
be forthcoming shortly.
--
Colin Watson [[email protected]]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
