I see the following error with valgrind when doing "!cd /tmp" in ftp.

==11101== Invalid write of size 4
==11101==    at 0x80549E5: makeargv (main.c:506)
==11101==    by 0x80550EB: main (main.c:413)
==11101==  Address 0x42251f0 is 0 bytes after a block of size 8 alloc'd
==11101==    at 0x402603E: malloc (vg_replace_malloc.c:207)
==11101==    by 0x80547D9: makeargv (main.c:495)
==11101==    by 0x80550EB: main (main.c:413)
==11101== Warning: silly arg (0) to malloc()

Code in main.c is:

  494     /* allocate memory for $count-sized array of chars */
!!495     rargv = (char **) malloc( count * strlen(line));
  496     if (rargv == NULL)
  497         fatal("Out of memory");
  498
  499     INTOFF;
  500     argbuf = obstack_alloc(&mainobstack, strlen(line) + 1);
  501     INTON;
  502     argp = rargv;
  503     stringbase = line; /* scan from first of buffer */
  504     argbase = argbuf; /* store from first of buffer */
  505     slrflag = 0;
!!506     while ((*argp++ = slurpstring())!=NULL)
  507         rargc++;

This code is quite a mess. The way rargv is allocated is completely wrong
for several reasons. It should:
- allocate count pointers (so multiply count by sizeof(char *) when doing
  malloc(...), and not multiply count by the nonsensical strlen(line)!?)
- also, it should increase count by 2 when the command contains an
  exclamation mark
- it should add 1 to count for the final NULL pointer in argp
- it should add an extra 1 to count since some commands such as
  "ls" or "put" may append an extra argument to argp!

The attached patch fixes it. The attached patch also fixes some memory leaks
which you can reproduce by typing illegal or ambiguous commands.
This, for example, was leaking:

  ftp> a
  ?Ambiguous command

Every ambiguous command (among other things) was leaking memory.
-- Dominique
** Attachment added: "patch to fix crash + memory leaks"
http://launchpadlibrarian.net/24205202/fix-uninitialized-return-value-eval.c.patch
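
The sizing rules listed in the report, as an added C example that is not taken from the attached patch or from the ftp source. `legacy_argv_bytes`, `argv_slots` and `build_argv` are hypothetical names, and plain whitespace splitting stands in for `slurpstring()`.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the original line 495 asks for: count * strlen(line). */
size_t legacy_argv_bytes(size_t count, const char *line)
{
    return count * strlen(line);
}

/* Pointer slots needed, following the report's four points. Whitespace
 * word counting is an assumption; the real tokenizer is slurpstring(). */
size_t argv_slots(const char *line)
{
    size_t words = 0;
    int in_word = 0;

    for (const char *p = line; *p != '\0'; p++) {
        if (isspace((unsigned char)*p))
            in_word = 0;
        else if (!in_word) {
            in_word = 1;
            words++;
        }
    }
    if (strchr(line, '!') != NULL)
        words += 2;               /* extra slots for a '!' command */
    return words + 1              /* terminating NULL pointer */
                 + 1;             /* argument "ls" or "put" may append */
}

/* Split buf in place into a NULL-terminated pointer array. The array is
 * sized in pointers and every store is checked against the slot count.
 * Returns NULL on allocation failure or if the bound would be exceeded. */
char **build_argv(char *buf, size_t *argc_out)
{
    static const char ws[] = " \t\n\r\v\f";
    size_t slots = argv_slots(buf), n = 0;
    char **argv = calloc(slots, sizeof(char *)); /* calloc rejects overflow */

    if (argv == NULL)
        return NULL;
    for (char *tok = strtok(buf, ws); tok != NULL; tok = strtok(NULL, ws)) {
        if (n + 1 >= slots) {     /* always keep one slot for the NULL */
            free(argv);
            return NULL;
        }
        argv[n++] = tok;
    }
    argv[n] = NULL;
    *argc_out = n;
    return argv;
}
```

For the reported line, and assuming `count` was 1, `legacy_argv_bytes` gives the 8 bytes seen in the valgrind trace, and an empty line gives 0, the kind of request valgrind flags as a silly arg.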
--
ftp command crashes when typing: !cd /tmp
https://bugs.launchpad.net/bugs/339569