The following bug is present in the version of kudzu-0.99.23-1 that comes with RedHat 7.2 and is still present in the latest version (as of January 26th, 2002), kudzu-0.99.45-1.

When running kudzu on my system the function parse_pnp_string() (in the file "serial.c") is called with the following arguments:

    int pnp_len = 11
    unsigned char* pnp_id_string = { '~', 0x16, 0x8, '0', '(', '4', '9', ')', 'q', 0x19, 0x7f, 0x0 }

Note pnp_id_string contains both the BeginPnP1 '(' character and the BeginPnP2 0x08 character but only the EndPnP1 ')' character - it does not contain the EndPnP2 0x09 character.

pnp_id_string is copied into the memory pointed to by the local variable pnp_string. So then the piece of code marked by the comment /* first find the start of the PnP part of string */ finds the two begin characters, and the following code chooses the BeginPnP2 character over the BeginPnP1 character as it is nearer to the start of the string.

So now we're in trouble as we hit the code marked by the comment /* we need to xlate data in PnP fields */: the following code adds 0x20 to each character but runs over the end of pnp_string as it does not find the EndPnP2 character. On my system it zips on through memory and overwrites the local variables before hitting a 0x09 somewhere. And so it's actually the memcpy() just below that causes kudzu to exit with a 'Segmentation fault', as pnp_string now no longer points to a valid area of memory.
Created attachment 43637: A patch to serial.c that fixes this bug
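As an added illustration of the defect described above (this is not kudzu's serial.c and not the attached patch), the following hypothetical C reconstruction of the "xlate data in PnP fields" step bounds every scan to pnp_len, so an unmatched begin marker is rejected instead of causing a walk past the end of the buffer; the marker names and the 11-byte sample input are taken from the report, while xlate_pnp_fields() and check_sample() are assumed names.

```c
#include <stddef.h>
#include <string.h>

/* Marker bytes as named in the report. */
#define BEGIN_PNP1 '('
#define BEGIN_PNP2 0x08
#define END_PNP1   ')'
#define END_PNP2   0x09

/* Constructed copy of the 11-byte PnP ID from the report: both begin markers
 * are present, EndPnP1 ')' is present, EndPnP2 0x09 is absent. */
static const unsigned char sample_id[] =
    { '~', 0x16, 0x08, '0', '(', '4', '9', ')', 'q', 0x19, 0x7f, 0x00 };
static const size_t sample_len = 11;

/* Hypothetical bounded replacement for the translation step. Like the code
 * the report describes, it prefers whichever begin marker comes first and
 * then looks for the matching end marker, but every search is limited to
 * the pnp_len bytes actually present in buf. Returns the number of bytes
 * translated, or -1 when a marker is missing (instead of scanning memory
 * beyond the buffer for a 0x09). */
int xlate_pnp_fields(unsigned char *buf, size_t pnp_len)
{
    unsigned char *p1 = memchr(buf, BEGIN_PNP1, pnp_len);
    unsigned char *p2 = memchr(buf, BEGIN_PNP2, pnp_len);
    unsigned char *start, *end, *p;
    unsigned char end_marker;

    if (p1 == NULL && p2 == NULL)
        return -1;
    if (p2 != NULL && (p1 == NULL || p2 < p1)) {
        start = p2; end_marker = END_PNP2;
    } else {
        start = p1; end_marker = END_PNP1;
    }
    /* Search only the bytes that remain after the begin marker. */
    end = memchr(start + 1, end_marker, pnp_len - (size_t)(start + 1 - buf));
    if (end == NULL)
        return -1;           /* unmatched begin marker: reject the string */
    for (p = start + 1; p < end; p++)
        *p += 0x20;          /* the translation the report describes */
    return (int)(end - start - 1);
}

/* Runs the bounded parser over a private copy of the sample ID. */
int check_sample(void)
{
    unsigned char buf[sizeof sample_id];
    memcpy(buf, sample_id, sizeof sample_id);
    return xlate_pnp_fields(buf, sample_len);
}
```

With the report's input the BeginPnP2 marker at offset 2 wins, no EndPnP2 exists within the 11 bytes, and the function returns -1 rather than corrupting the caller's locals.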
Will be fixed in 0.99.48-1; thanks!