segfault in rlog.c

bug-rcs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

segfault in rlog.c

From:	Ray Bellis
Subject:	segfault in rlog.c
Date:	Wed, 26 Jan 2022 12:23:27 +0000
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

[I already added this to the online bug DB ashttp://savannah.gnu.org/bugs/index.php?61932]

Our Twiki installation has a bunch of RCS files with old commits wherethe final `a` line in the comma-v file has an extra trailing newlinebefore the closing `@` line.

Reading these files with `rcs log` causes a segfault in the `count_a_d`function, because the `strchr` call looking for a space characterreturns NULL, which is then passed to the `read_positive_integer` function.


If I insert:

  if (!p) break;

after the strchr call then the log can be read successfully.

The installation is FreeBSD 12.3, using rcs 5.10.0 from the FreeBSD pkgrepository, recently upgraded from FreeBSD 12.2.

As yet I've been unable to determine why this apparently neverpreviously caused us an issue.


cheers,

Ray

[Prev in Thread]

Current Thread

[Next in Thread]

segfault in rlog.c, Ray Bellis <=
- Re: segfault in rlog.c, Thien-Thi Nguyen, 2022/01/26

Next by Date: Re: segfault in rlog.c
Next by thread: Re: segfault in rlog.c
Index(es):
- Date
- Thread