Bug 50033 - elm-2.5.5-tempnam.patch frees unallocated pointer, segfaults
Status: CLOSED DUPLICATE of bug 49566
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: elm   
Version: 7.1
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrød
QA Contact: David Lawrence
Reported: 2001-07-26 05:12 UTC by Bob Nelson
Modified: 2007-04-18 16:35 UTC (History)
Doc Type: Bug Fix
Last Closed: 2001-07-26 05:12:52 UTC



Description Bob Nelson 2001-07-26 05:12:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.7 i686)

Description of problem:
From elm-2.5.5-tempnam.patch for sndpart_lib.c:
-   if ((fname_tmp = tempnam(temp_dir, "fil.")) != NULL) {
-       MIME_FILE_CMD(buf, part->fname, fname_tmp);
+        if(fname_tmp)
+            free(fname_tmp);
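
Review bot: the added `if(fname_tmp) free(fname_tmp);` is only safe if fname_tmp is either NULL or a live pointer returned by malloc/calloc on every path that reaches it, and nothing in these lines establishes that. A NULL test does not protect against an uninitialised or already-freed pointer, because such a value is normally non-zero. Initialise fname_tmp to NULL at its declaration, assign it only from the allocator, and set it back to NULL after the free; the `if` guard can then be dropped, since free(NULL) is a no-op.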

fname_tmp is not allocated for the free() resulting in a segfault when
using the ``attach'' feature of elm.

Suggestion: Why not just make fname_tmp an auto array and lose the
``calloc()'' call? Furthermore, what does ``calloc()'' buy in terms of
safety? ``snprintf()'' is already being used to confine the number of
characters written to the buffer...and it will null terminate the string.

How reproducible:
Always

Steps to Reproduce:
1. Send mail using elm
2. Select attachment option
3. Specify a valid file


	

Actual Results:  Crash -- I've since changed fname_tmp to an auto array,
avoiding the calloc/free traps and it now works without fault in this
context.

Expected Results:  The elm application should have ``attached'' (encoded)
the file to the e-mail message.

Additional info:
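
The reporter's auto-array suggestion, sketched as an added example (not part of the original report and not the code from elm or the Red Hat patch). The function name make_attach_tmp(), the 256-byte buffer and the use of mkstemp() are assumptions; the page does not show what the patch uses in place of tempnam().

```c
/* Added illustration; make_attach_tmp() and its arguments are hypothetical names. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern the report describes, kept as a comment because it is undefined
 * behaviour:
 *
 *     char *fname_tmp;          // indeterminate value, not NULL
 *     ...
 *     if (fname_tmp)            // garbage is usually non-zero, so this passes
 *         free(fname_tmp);      // free() of a pointer the allocator never returned
 */

/* Auto-array variant: the caller owns the storage, so there is nothing to free.
 * Returns an open fd (>= 0) with the chosen name in out, or -1 on failure. */
int make_attach_tmp(char *out, size_t outlen, const char *temp_dir)
{
    int n = snprintf(out, outlen, "%s/fil.XXXXXX", temp_dir);

    /* snprintf NUL-terminates when outlen > 0, but it truncates silently;
     * a truncated template must be rejected, not used. */
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return mkstemp(out);   /* creates the file exclusively, mode 0600 */
}

int main(void)
{
    char fname_tmp[256];   /* auto array, as the reporter suggests */
    int fd = make_attach_tmp(fname_tmp, sizeof fname_tmp, "/tmp");

    if (fd < 0) {
        perror("make_attach_tmp");
        return 1;
    }
    printf("encoding attachment into %s\n", fname_tmp);
    close(fd);
    unlink(fname_tmp);
    return 0;
}
```

The return value of snprintf() is what answers the "what does calloc() buy" question: the array is always terminated, but only the length check tells the caller whether the name was cut short.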

Comment 1 Trond Eivind Glomsrød 2001-07-26 16:17:59 UTC

*** This bug has been marked as a duplicate of 49566 ***

