>Number:         152549
>Category:       bin
>Synopsis:       The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 24 17:40:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Henning Petersen
>Release:        FreeBSD-current
>Organization:
>Environment:
>Description:
The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

>How-To-Repeat:
        Take the following example program:

---- BEGIN -----
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>

/* PRINTFLIKE1 */
int
myprintf(char *fmt0, ...)
{
        va_list va;

        va_start(va, fmt0);
        vsyslog(LOG_DEBUG, fmt0, va);
        va_end(va);
        return 0;
}

int main(int argc, char *argv[])
{
        long h;

        h = (long) argc;
        myprintf("Usage: "
                "%ld [options]\n" , h);
        return argv[0] != NULL;
}
---- END -----

        and run
        lint -n example.c
        which will print (besides other stuff):
        myprintf: malformed format string


>Fix:
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c      1 Jan 2003 18:13:44 -0000       1.14
+++ src/usr.bin/xlint/lint1/tree.c      24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
                             (len2 + 1) * sizeof (wchar_t));
                free(strg2->st_wcp);
        }
+       strg1->st_len = len;
        free(strg2);
 
        return (strg1);
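Review bot: the added `strg1->st_len = len;` depends on `len`, which the visible context never defines (only `len2` appears, in `(len2 + 1) * sizeof (wchar_t)`). Please confirm that `len` holds the combined length of both operands and is assigned before the branch that ends at the `}` just above. Placing the assignment after that brace looks right, since it then applies whichever branch did the copy and it runs before `free(strg2)`. A short comment stating that the concatenated string must carry the combined length would make the intent clear to later readers.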


Patch attached with submission follows:

Index: src/usr.bin/xlint/lint1/tree.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/xlint/lint1/tree.c,v
retrieving revision 1.14
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c      1 Jan 2003 18:13:44 -0000       1.14
+++ src/usr.bin/xlint/lint1/tree.c      24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
                             (len2 + 1) * sizeof (wchar_t));
                free(strg2->st_wcp);
        }
+       strg1->st_len = len;
        free(strg2);
 
        return (strg1);
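Review bot: no regression test accompanies the `strg1->st_len = len;` line. The program under How-To-Repeat, which passes a format string split across two adjacent literals to a PRINTFLIKE1 function, is a ready-made case. Consider committing it alongside the fix with the expectation that `lint -n` no longer reports "malformed format string" for `myprintf`. Since the line sits after the closing `}` of the block that handles `st_wcp`, a second case using wide string literals would also exercise the wide-character path.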


>Release-Note:
>Audit-Trail:
>Unformatted: