Bug#327756: Conserver 8.1.11 Crashs on Log Replay

Sun, 11 Sep 2005 14:48:07 -0700 

Package: conserver
Version: 8.1.11-6

When the log for a console contains several (10-20) lines of events
(i.e. MARKs or console up/down) attempting to replay this log from with
'console -A' will result in conserver crashing and generating a Sig 11. 

Upstream identified the problem as bad pointer manipulation and fixed it
in version 8.1.12. The attached patch fixes the problem for
8.1.11. Thanks!

---------------------------------------------------------------------------
|   "For to me to live is Christ, and to die is gain."                    |
|                                            --- Philippians 1:21 (KJV)   |
---------------------------------------------------------------------------
|   Ryan Kirkpatrick  |  Boulder, Colorado  |  http://www.rkirkpat.net/   |
---------------------------------------------------------------------------



diff -cr conserver-8.1.11/conserver/client.c 
conserver-8.1.11-new/conserver/client.c
*** conserver-8.1.11/conserver/client.c Mon Oct 25 00:18:18 2004
--- conserver-8.1.11-new/conserver/client.c     Sat Sep  3 07:59:26 2005
***************
*** 250,274 ****
                    /* this is a mark and the previous line is also
                     * a mark, so make (or continue) that range
                     */
!                   if (0 == lines[ln - 1].mark_end->allocated) {
                        /* this is a new range - shuffle pointers
                         *
                         * remember that we are moving backward
                         */
!                       *(lines[ln - 1].mark_end) = *(lines[ln - 1].line);
!                       InitString(lines[ln - 1].line);
!                   }
!                   /* if unallocated, cheat and shuffle pointers */
!                   if (0 == lines[ln - 1].line->allocated) {
!                       *(lines[ln - 1].line) = *(lines[ln].line);
!                       InitString(lines[ln].line);
!                   } else {
                        BuildString((char *)0, lines[ln - 1].line);
-                       BuildStringN(lines[ln].line->string,
-                                    lines[ln].line->used - 1,
-                                    lines[ln - 1].line);
-                       BuildString((char *)0, lines[ln].line);
                    }
                    ln--;
                }
                lines[ln].is_mark = is_mark;
--- 250,270 ----
                    /* this is a mark and the previous line is also
                     * a mark, so make (or continue) that range
                     */
!                   if (0 == lines[ln - 1].mark_end->used) {
                        /* this is a new range - shuffle pointers
                         *
                         * remember that we are moving backward
                         */
!                       BuildStringN(lines[ln - 1].line->string,
!                                    lines[ln - 1].line->used - 1,
!                                    lines[ln - 1].mark_end);
                        BuildString((char *)0, lines[ln - 1].line);
                    }
+                   BuildString((char *)0, lines[ln - 1].line);
+                   BuildStringN(lines[ln].line->string,
+                           lines[ln].line->used - 1,
+                           lines[ln - 1].line);
+                   BuildString((char *)0, lines[ln].line);
                    ln--;
                }
                lines[ln].is_mark = is_mark;

Reply via email to