Bug 50033
| Summary: | elm-2.5.5-tempnam.patch frees unallocated pointer, segfaults | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Bob Nelson <nelsonbe> |
| Component: | elm | Assignee: | Trond Eivind Glomsrxd <teg> |
| Status: | CLOSED DUPLICATE | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-07-26 05:12:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.7 i686) Description of problem: From elm-2.5.5-tempnam.patch for sndpart_lib.c: - if ((fname_tmp = tempnam(temp_dir, "fil.")) != NULL) { - MIME_FILE_CMD(buf, part->fname, fname_tmp); + if(fname_tmp) + free(fname_tmp); fname_tmp is not allocated for the free() resulting in a segfault when using the ``attach'' feature of elm. Suggestion: Why not just make fname_tmp an auto array and lose the ``calloc()'' call? Furthermore, what does ``calloc()'' buy in terms of safety? ``snprint()'' is already being used to confine the number of characters written to the buffer...and it will null terminate the string. How reproducible: Always Steps to Reproduce: 1. Send mail using elm 2. Select attachment option 3. Specify a valid file Actual Results: Crash -- I've since changed fname_tmp to an auto array, avoiding the calloc/free traps and it now works without fault in this context. Expected Results: The elm application should have ``attached'' (encoded) the file to the e-mail message. Additional info: