Bug 104146 - Fault pointer in "watch"
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: procps
Version: 9
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Daniel Walsh
Brian Brock
Reported: 2003-09-10 11:01 EDT by JW
Modified: 2007-04-18 12:57 EDT
Doc Type: Bug Fix
Last Closed: 2004-02-11 08:42:06 EST


Attachments: None
Description JW 2003-09-10 11:01:45 EDT
Description of problem:
Here is the code in question:

        for (; optind < argc; optind++) {
                int s = strlen(argv[optind]);
                char *endp = &command[command_length];   /* pointer into the OLD block */
                *endp = ' ';
                command_length += s + 1;
                command = realloc(command, command_length + 1); /* may move the block and free the old one */
                strcpy(endp + 1, argv[optind]);          /* writes through the now-stale pointer */
        }

Study it carefully.  Looks fine, doesn't it?
Well, it isn't.

The 'endp' is set to point somewhere in relation to 'command'.
Then 'command' is changed via realloc.
Then 'endp' is used again as if nothing has changed!


Version-Release number of selected component (if applicable):
2.0.13-8

How reproducible:
Always

Steps to Reproduce:
1. Read the code

Actual Results:  Depends on the realloc/malloc implementation.
At worst a segmentation error, but usually just a garbled result.
Unless your system allocates memory in rather large chunks.

Additional info:
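The corrected ordering of the loop above, written as an added example that is not code from the bug report or from procps: the buffer is grown first, and the write position is derived from the pointer realloc returned, so it can never refer to a block realloc has already freed. The function name join_args, the explicit start index and the error handling are this example's own choices, not procps's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Joins argv[start..argc) into one malloc'd string, each argument preceded
 * by a single space (the same layout the reported loop builds).
 * Returns NULL if any allocation fails; the caller frees the result.
 *
 * The fix for the reported bug: call realloc FIRST, then compute the write
 * position from the pointer realloc returned. The reported loop took the
 * pointer before realloc and kept using it after the block may have moved. */
char *join_args(int argc, char **argv, int start)
{
    size_t command_length = 0;
    char *command = malloc(1);
    if (command == NULL)
        return NULL;
    command[0] = '\0';

    for (int i = start; i < argc; i++) {
        size_t s = strlen(argv[i]);

        /* Grow first: room for ' ', the argument, and the terminating NUL.
         * realloc may free the old block and return a different address. */
        char *grown = realloc(command, command_length + s + 2);
        if (grown == NULL) {
            free(command);      /* realloc failure leaves the old block valid */
            return NULL;
        }
        command = grown;

        /* Only now take a pointer into the buffer: it refers to the live block. */
        char *endp = &command[command_length];
        *endp = ' ';
        memcpy(endp + 1, argv[i], s + 1);   /* copies the NUL terminator too */
        command_length += s + 1;
    }
    return command;
}

int main(int argc, char **argv)
{
    /* Constructed sample input standing in for "watch ls -l /tmp". */
    char *sample[] = {"watch", "ls", "-l", "/tmp"};
    int n = (int)(sizeof sample / sizeof sample[0]);
    (void)argc; (void)argv;

    char *cmd = join_args(n, sample, 1);
    if (cmd == NULL)
        return 1;
    printf("command: '%s'\n", cmd);   /* command: ' ls -l /tmp' */
    free(cmd);
    return 0;
}
```

Building the reported loop with AddressSanitizer (-fsanitize=address) reports a heap-use-after-free at the strcpy whenever realloc moves the block; the version above produces no report because no pointer outlives the realloc that could invalidate it.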
Comment 1 Alexander Larsson 2003-09-25 05:01:55 EDT
This is fixed in 2.0.16, we need to upgrade.
Comment 2 Pete Zaitcev 2003-10-08 15:35:06 EDT
*** Bug 106399 has been marked as a duplicate of this bug. ***
Comment 3 Pete Zaitcev 2003-10-08 15:37:41 EDT
Eek. Ignore a mistaken dup.
Comment 4 Daniel Walsh 2004-02-11 08:42:06 EST
Fixed in latest release 3.1.15
