On Thu, Nov 10 2022, Ross L Richardson <open...@rlr.id.au> wrote: > Reported upstream (by me) as > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267684 > > math/ministat has a silly bug in which the code assumes that "-" will be > specified no more than once at invocation: > > $ jot 3 | ministat - - > Segmentation fault (core dumped) > > The problem is in the port-patched code at: > 643 if (argc > (MAX_DS - 1)) > 644 usage("Too many datasets."); > 645 nds = argc; > 646 for (i = 0; i < nds; i++) { > 647 setfilenames[i] = argv[i]; > 648 if (!strcmp(argv[i], "-")) > 649 setfiles[0] = stdin; > 650 else > 651 setfiles[i] = fopen(argv[i], > "r"); > 652 if (setfiles[i] == NULL) > 653 err(2, "Cannot open %s", > argv[i]); > 654 } > > On line 649, the index is fixed at 0, eventually leading to fgets() > attempting to read from an uninitialised stream. > > The simplest fix is change the index: > 649 setfiles[i] = stdin;
Indeed. > That way, ministat will error out complaining that, on the second reading, > stdin has fewer than 3 data points. > (A more logical fix would be to check explicitly for more than 1 > occurrence of "-".) A lot of tools that can use stdin don't explicitely check for it being specified twice. As far as this port is concerned, I think it's fine. Thanks for your report. Do you want to take it to upstream FreeBSD? Here's the diff for our ports tree. Index: Makefile =================================================================== RCS file: /home/cvs/ports/math/ministat/Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 Makefile --- Makefile 6 Nov 2022 17:15:05 -0000 1.1.1.1 +++ Makefile 10 Nov 2022 08:26:35 -0000 @@ -1,6 +1,7 @@ COMMENT= statistics utility DISTNAME= ministat-0.0.20211218 +REVISION= 0 CATEGORIES= math Index: patches/patch-ministat_c =================================================================== RCS file: /home/cvs/ports/math/ministat/patches/patch-ministat_c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-ministat_c --- patches/patch-ministat_c 6 Nov 2022 17:15:05 -0000 1.1.1.1 +++ patches/patch-ministat_c 10 Nov 2022 08:29:17 -0000 @@ -1,4 +1,6 @@ -Remove FBSDID and replace capsicum with pledge +Remove FBSDID +Replace capsicum with pledge +Fix stdin handling Index: ministat.c --- ministat.c.orig @@ -39,6 +41,15 @@ Index: ministat.c ci = -1; while ((c = getopt(argc, argv, "AC:c:d:snqw:")) != -1) switch (c) { +@@ -643,7 +646,7 @@ main(int argc, char **argv) + for (i = 0; i < nds; i++) { + setfilenames[i] = argv[i]; + if (!strcmp(argv[i], "-")) +- setfiles[0] = stdin; ++ setfiles[i] = stdin; + else + setfiles[i] = fopen(argv[i], "r"); + if (setfiles[i] == NULL) @@ -651,23 +654,14 @@ main(int argc, char **argv) } } -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE