On Thu, Nov 10 2022, Ross L Richardson <open...@rlr.id.au> wrote:
> Reported upstream (by me) as
>       https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267684
>
> math/ministat has a silly bug in which the code assumes that "-" will be
> specified no more than once at invocation:
>
> $ jot 3 | ministat - - 
> Segmentation fault (core dumped) 
>
> The problem is in the port-patched code at:
>    643                        if (argc > (MAX_DS - 1))
>    644                                usage("Too many datasets.");
>    645                        nds = argc;
>    646                        for (i = 0; i < nds; i++) {
>    647                                setfilenames[i] = argv[i];
>    648                                if (!strcmp(argv[i], "-"))
>    649                                        setfiles[0] = stdin;
>    650                                else
>    651                                        setfiles[i] = fopen(argv[i], "r");
>    652                                if (setfiles[i] == NULL)
>    653                                        err(2, "Cannot open %s", argv[i]);
>    654                        }
>
> On line 649, the index is fixed at 0, eventually leading to fgets()
> attempting to read from an uninitialised stream.
>
> The simplest fix is to change the index:
>    649                                        setfiles[i] = stdin;

Indeed.

> That way, ministat will error out complaining that, on the second reading,
> stdin has fewer than 3 data points.
> (A more logical fix would be to check explicitly for more than 1
> occurrence of "-".)

A lot of tools that can use stdin don't explicitly check for it being
specified twice.  As far as this port is concerned, I think it's fine.

Thanks for your report.  Do you want to take it to upstream FreeBSD?

Here's the diff for our ports tree.


Index: Makefile
===================================================================
RCS file: /home/cvs/ports/math/ministat/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile    6 Nov 2022 17:15:05 -0000       1.1.1.1
+++ Makefile    10 Nov 2022 08:26:35 -0000
@@ -1,6 +1,7 @@
 COMMENT=       statistics utility
 
 DISTNAME=      ministat-0.0.20211218
+REVISION=      0
 
 CATEGORIES=    math
 
Index: patches/patch-ministat_c
===================================================================
RCS file: /home/cvs/ports/math/ministat/patches/patch-ministat_c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-ministat_c
--- patches/patch-ministat_c    6 Nov 2022 17:15:05 -0000       1.1.1.1
+++ patches/patch-ministat_c    10 Nov 2022 08:29:17 -0000
@@ -1,4 +1,6 @@
-Remove FBSDID and replace capsicum with pledge
+Remove FBSDID
+Replace capsicum with pledge
+Fix stdin handling
 
 Index: ministat.c
 --- ministat.c.orig
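Review bot: The new description line "Fix stdin handling" does not say what was wrong or where it is tracked. Suggest wording such as "Fix stdin handling when "-" is given more than once" together with the FreeBSD bug URL quoted in the report (id=267684), so this part of the patch can be dropped once upstream takes the fix.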
@@ -39,6 +41,15 @@ Index: ministat.c
        ci = -1;
        while ((c = getopt(argc, argv, "AC:c:d:snqw:")) != -1)
                switch (c) {
+@@ -643,7 +646,7 @@ main(int argc, char **argv)
+               for (i = 0; i < nds; i++) {
+                       setfilenames[i] = argv[i];
+                       if (!strcmp(argv[i], "-"))
+-                              setfiles[0] = stdin;
++                              setfiles[i] = stdin;
+                       else
+                               setfiles[i] = fopen(argv[i], "r");
+                       if (setfiles[i] == NULL)
 @@ -651,23 +654,14 @@ main(int argc, char **argv)
                }
        }
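Review bot: At the `setfiles[i] = stdin;` line, a second "-" now stores the same stdin stream in two slots, so the duplicate is only caught indirectly, when the second read finds no data and ministat complains about too few data points. A counter in this loop that calls usage() on the second "-" would report the actual mistake at argument parsing; if that is deliberately left to upstream, note it in the patch description.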


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
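As an added illustration (not code from ministat or from the port), this C sketch contrasts the fixed-index assignment quoted in the report with the explicit check for a repeated "-" that the report calls the more logical fix. The value of `MAX_DS` and the helper names `unset_slots_buggy` and `open_datasets` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DS 8 /* assumed for this sketch; the page shows only the name */

/* Mapping as quoted in the report: every "-" lands in slot 0. Slots are
 * zeroed here so the gap is countable; returns the "-" slots left unset. */
int unset_slots_buggy(int nds, char **names)
{
	FILE *setfiles[MAX_DS] = { NULL };
	int i, unset = 0;
	if (nds > MAX_DS)
		return -1;
	for (i = 0; i < nds; i++)
		if (!strcmp(names[i], "-"))
			setfiles[0] = stdin; /* fixed index, as on line 649 */
	for (i = 0; i < nds; i++)
		if (!strcmp(names[i], "-") && setfiles[i] == NULL)
			unset++;
	return unset;
}

/* Hypothetical helper: 0 on success, -1 if "-" is repeated, -2 if a file
 * cannot be opened (earlier files are closed), -3 if too many datasets. */
int open_datasets(int nds, char **names, FILE **setfiles)
{
	int i, seen_stdin = 0;
	if (nds > MAX_DS - 1)
		return -3;
	for (i = 0; i < nds; i++)
		if (!strcmp(names[i], "-") && seen_stdin++)
			return -1; /* reject before opening anything */
	for (i = 0; i < nds; i++) {
		setfiles[i] = strcmp(names[i], "-") ? fopen(names[i], "r") : stdin;
		if (setfiles[i] == NULL) {
			while (i-- > 0)
				if (setfiles[i] != stdin)
					fclose(setfiles[i]);
			return -2;
		}
	}
	return 0;
}

int main(int argc, char **argv)
{
	FILE *setfiles[MAX_DS];
	return open_datasets(argc - 1, argv + 1, setfiles) ? 2 : 0;
}
```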
