Bug 50033 - elm-2.5.5-tempnam.patch frees unallocated pointer, segfaults
Status: CLOSED DUPLICATE of bug 49566
Product: Red Hat Linux
Classification: Retired
Component: elm
i386 Linux
medium Severity medium
Assigned To: Trond Eivind Glomsrød
David Lawrence
Reported: 2001-07-26 01:12 EDT by Bob Nelson
Modified: 2007-04-18 12:35 EDT
Doc Type: Bug Fix
Last Closed: 2001-07-26 01:12:52 EDT
Description Bob Nelson 2001-07-26 01:12:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.7 i686)

Description of problem:
From elm-2.5.5-tempnam.patch for sndpart_lib.c:
-   if ((fname_tmp = tempnam(temp_dir, "fil.")) != NULL) {
-       MIME_FILE_CMD(buf, part->fname, fname_tmp);
+        if(fname_tmp)
+            free(fname_tmp);
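Review bot: the guard if(fname_tmp) before the added free(fname_tmp) only tests for non-NULL, which says nothing about whether the pointer came from an allocator. The removed line was the only visible assignment to fname_tmp (the tempnam() result), so with that gone the free() is only safe if fname_tmp is initialized to NULL at its declaration and assigned solely from calloc()/malloc() on every path that reaches this point. Suggest initializing it to NULL where it is declared and resetting it to NULL right after the free(), or dropping the heap buffer in favour of a fixed-size automatic array so that no free() is needed here.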

fname_tmp is not allocated for the free() resulting in a segfault when
using the ``attach'' feature of elm.

Suggestion: Why not just make fname_tmp an auto array and lose the
``calloc()'' call? Furthermore, what does ``calloc()'' buy in terms of
safety? ``snprintf()'' is already being used to confine the number of
characters written to the buffer...and it will null terminate the string.

How reproducible:

Steps to Reproduce:
1. Send mail using elm
2. Select attachment option
3. Specify a valid file


Actual Results:  Crash -- I've since changed fname_tmp to an auto array,
avoiding the calloc/free traps and it now works without fault in this

Expected Results:  The elm application should have ``attached'' (encoded)
the file to the e-mail message.

Additional info:
Comment 1 Trond Eivind Glomsrød 2001-07-26 12:17:59 EDT

*** This bug has been marked as a duplicate of 49566 ***
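
The suggestion in the description (an automatic array filled with snprintf() instead of a calloc()/free() pair) can be sketched as follows. This is an added example, not code from elm or from the Red Hat patch; make_temp_auto, make_temp_heap and TMP_NAME_MAX are hypothetical names, and the use of mkstemp() to create the file is an assumption, since the page does not show what the patch put in place of tempnam().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TMP_NAME_MAX 256  /* assumed buffer size for this example */

/* Automatic-array variant: the caller owns the buffer, nothing is
 * heap-allocated, so there is no pointer that could be free()d wrongly.
 * Returns an open fd, or -1 on error or if the name would not fit. */
int make_temp_auto(char *out, size_t outlen, const char *dir, const char *prefix)
{
    int n = snprintf(out, outlen, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= outlen)  /* terminated, but truncated */
        return -1;
    return mkstemp(out);               /* fills in XXXXXX, creates the file */
}

/* Heap variant with explicit ownership: *out is written only here and is
 * NULL on every failure path, so a later free(*out) is always valid. */
int make_temp_heap(char **out, const char *dir, const char *prefix)
{
    size_t len = strlen(dir) + 1 + strlen(prefix) + 6 + 1;
    int fd;

    *out = calloc(len, 1);
    if (*out == NULL)
        return -1;
    snprintf(*out, len, "%s/%sXXXXXX", dir, prefix);
    fd = mkstemp(*out);
    if (fd < 0) {
        free(*out);
        *out = NULL;                   /* never leave a dangling pointer */
    }
    return fd;
}

int main(void)
{
    char name[TMP_NAME_MAX];
    int fd = make_temp_auto(name, sizeof name, "/tmp", "fil.");

    if (fd < 0) { perror("make_temp_auto"); return 1; }
    printf("created %s\n", name);
    close(fd);
    unlink(name);
    return 0;
}
```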
